Skip to main content

Templates

Start from a battle-tested pattern. Choosing a template pre-fills the Policy Builder with a real, editable policy.

GitHubSaaS
Repository admin (org members)
Allow org members with the maintainer role to administer repositories.
rbacabacrepository
Google WorkspaceSaaS
HR can view employee profiles
Allow the HR department to read employee profile resources.
abacdepartmentread
AWS IAMCloud
Block production deploys after hours
Deny deployments to production environments outside business hours.
abacdenytime-window
Azure EntraCloud
Corporate network only
Allow access only from the corporate network CIDR ranges.
abacnetworkcontext
SlackSaaS
Channel owners manage members
Allow the owner relation of a channel to manage its membership.
rebacownership
JiraSaaS
Project leads edit issues
Allow the lead role to edit issues within their project.
rbacabacproject
SalesforceSaaS
Region-scoped account access
Allow reps to read accounts only in their assigned region.
abacattribute-match
Healthcare / HIPAARegulated
PHI access with break-glass audit
Allow clinicians to read PHI for patients in their care team.
abachipaasensitive
Finance / SOXRegulated
Separation of duties (payments)
Deny payment approval by the same user who created the payment.
abacdenysox
GovernmentRegulated
Clearance-level document access
Allow access to classified documents at or below the subject's clearance.
abacclearance
BaselineBaseline
Require MFA for sensitive actions
Deny sensitive write actions when the session is not MFA-verified.
abacdenymfa
BaselineBaseline
Owners can do anything to their resource
Allow the owner relation of a resource full access to it.
rebacownership
Workspace
Directory
Authentication
Authorization
Security
Developer
Administration
↑↓ navigate · select · esc close75 results