Policy Engine
Unified policy engine configuration and runtime checks.
Components
Section titled “Components”Authrim currently exposes policy functionality through two surfaces:
- Tenant policy management:
/api/admin/tenant-policy - Policy worker runtime checks:
/policy/*,/api/rebac/*, and/api/check/*
Tenant Policy
Section titled “Tenant Policy”GET /api/admin/tenant-policyAuthorization: Bearer <admin_token>PUT /api/admin/tenant-policyAuthorization: Bearer <admin_token>Content-Type: application/json
{ "ifMatch": "3", "policy": { "metadata": { "status": "active" }, "profile": "human" }}Updates require ifMatch to prevent concurrent modification and version rollback.
Runtime Endpoints
Section titled “Runtime Endpoints”| Endpoint | Method | Description |
|---|---|---|
/policy/evaluate | POST | Evaluate a policy context |
/policy/check-role | POST | Check role membership |
/policy/check-access | POST | Check resource/action access |
/api/rebac/check | POST | ReBAC check |
/api/rebac/batch-check | POST | Batch ReBAC checks |
/api/check | POST | Unified permission check |
/api/check/batch | POST | Batch unified checks |
Runtime endpoints are service-to-service APIs and require the policy worker internal bearer token.