Access policies are back, baby! Use them to enforce item-level access control.

Back in February, we announced that access policies were being temporarily removed, with a new implementation coming in future. They originally worked by tracing paths between the user and the item they were trying to access. In practice, the performance cost was too high, so we took them back to the drawing board.

We're pleased to announce that the new implementation of access policies has now arrived!

How do they work?

You can create one or more access policies for a particular design/interface. Each access policy can have one or more rules.

A rule applies to one or more user groups. It grants them conditional read access to items of that design/interface, based on the value each item has for a given attribute/property.

Currently, access policies can only be created and managed via the Alloy API.

What are they good for?

Access policies are enforced throughout Alloy. If a user isn't granted access to an item, it won't appear for them, regardless of whether they're using the map, the Data Explorer, etc.

This lets you control which items appear for which user groups. For example:

• The "Emergency" group can only see tasks whose Priority attribute is "High" or "Critical".
• The "Waste Sector C" group can only see waste jobs whose Geometry attribute is located within a specific area.
• The "Acme Contractor" group can only see assets whose Default Team attribute is set to one of their teams.

What about Permissions?

Access policies are designed to work alongside Permissions. Think of them as a more granular replacement for the Read permission.

If you enable the Read permission on a design/interface, it grants read access to all of its items.

Alternatively, you can disable the Read permission and use access policies to grant conditional access to items, based on the values they hold.

Learn more

To learn about creating and managing access policies via the Alloy API, see Access Policies on the Alloy Help site.

Please note: the relational expressions will become available on 30th November, as part of the Alloy v2.53 release.