Extremely simple policy for accessing the admin console. If you are "admin" you can do anything. If you are "editor", you can edit policies and the dictionaries. If you are "guest", you can only read or view information. Admin policy admin PERMIT - application access. access application PERMIT - any action on the admin admin PERMIT - any action on the roles workspace PERMIT - any action on the dictionaries dictionaries PERMIT - any action on the pdp pdp_admin PERMIT - any action on the pip pip_admin PERMIT - admin can read read DENY - default DENY- any action on manage scopes manage_scopes Super Admin policy super-admin PERMIT - superadmin can do everything in the admin console. Editor Policy editor PERMIT - application access. access application PERMIT - R/W workspace The action is read or write AND the resource is the workspace. Action is Read OR Write Is action = read? Un-bag read Is action = write? Un-bag write resource is workspace Un-bag workspace PERMIT - any action on the editor editor PERMIT - any action on the dictionaries dictionaries PERMIT - any action on the dictionaries pdp_admin PERMIT - editor can read read DENY - default Super Editor Policy super-editor PERMIT - application access. access application PERMIT - R/W workspace The action is read or write AND the resource is the workspace. Action is Read OR Write Is action = read? Un-bag read Is action = write? Un-bag write resource is workspace Un-bag workspace PERMIT - any action on the super editor super-editor PERMIT - any action on the dictionaries dictionaries PERMIT - any action on the dictionaries pdp_admin PERMIT - super editor can read read DENY - default Guest policy guest PERMIT - application access. access application PERMIT - guest can access access PERMIT - guest to access pdp pdp_admin PERMIT - any action on the policymanagement application DENY - default super guest policy super-guest PERMIT - application access. access application PERMIT - super guest can access access PERMIT - super guest to access pdp pdp_admin PERMIT - any action on the dictionaries application DENY - default Unknown user id DENY