Service policies

A service policy is the fundamental policy used to define authorization and access control within the network. It answers the critical question:

Which identities are authorized to dial and/or bind which services?

Attributes

Service policies define the relationships between identities and services using either grouped attributes or individual selections:

  • Identity attributes: Role attributes (prefixed with #) or specific identities (prefixed with @) that this policy applies to, for example applications, devices, or users.
  • Service attributes: Role attributes (prefixed with #) or specific services (prefixed with @) that this policy applies to, that is, the resources you want to protect.

A service policy is one part of a required policy set that defines a micro-perimeter. Only identities that match the required identity criteria are authorized to dial or bind services that match the specified service criteria. If no service policy explicitly authorizes a connection, the connection is implicitly denied.
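The matching rules above (# attribute and @ name selectors, the AnyOf/AllOf semantic, the Dial/Bind type, and implicit deny when no policy matches) can be modelled in a few lines. The following is an added illustration written for this page, not the controller's own code; the identities, services and policies in it are constructed sample data.

```python
from __future__ import annotations
from dataclasses import dataclass, field

@dataclass
class Entity:
    """An identity or a service: a unique name plus a set of role attributes."""
    name: str
    attributes: set[str] = field(default_factory=set)

@dataclass
class ServicePolicy:
    name: str
    type: str                   # "Dial" (access) or "Bind" (host)
    identity_roles: list[str]   # entries like "#employees" or "@alice-laptop"
    service_roles: list[str]    # entries like "#databases" or "@postgres"
    semantic: str = "AnyOf"     # "AnyOf" or "AllOf"

def role_matches(role: str, entity: Entity) -> bool:
    """'#x' matches an entity carrying attribute x; '@x' matches the entity named x."""
    if role.startswith("#"):
        return role[1:] in entity.attributes
    if role.startswith("@"):
        return role[1:] == entity.name
    raise ValueError(f"role selector must start with '#' or '@': {role!r}")

def roles_match(roles: list[str], entity: Entity, semantic: str) -> bool:
    """AnyOf: one listed selector is enough; AllOf: every selector must match."""
    if not roles:
        return False            # a policy with no selectors grants nothing
    hits = [role_matches(r, entity) for r in roles]
    return all(hits) if semantic == "AllOf" else any(hits)

def authorizing_policies(policies, identity, service, action) -> list[str]:
    """Names of the policies that let `identity` perform `action` on `service`.
    An empty list is the implicit deny: nothing explicitly authorized it."""
    return [p.name for p in policies
            if p.type == action
            and roles_match(p.identity_roles, identity, p.semantic)
            and roles_match(p.service_roles, service, p.semantic)]

# Constructed sample data (hypothetical names and attributes).
SERVER = Entity("db-host", {"servers", "prod"})
LAPTOP = Entity("alice-laptop", {"employees"})
DB = Entity("postgres", {"databases", "prod"})
POLICIES = [
    ServicePolicy("db-bind", "Bind", ["#servers"], ["#databases"]),
    ServicePolicy("prod-dial", "Dial", ["#employees", "#prod"], ["#prod"], semantic="AllOf"),
    ServicePolicy("alice-dial", "Dial", ["@alice-laptop"], ["@postgres"]),
]
```

Note that "prod-dial" with AllOf does not authorize the laptop, because it carries #employees but not #prod; only the explicit @-selector policy lets it dial the database, and no policy at all lets it bind.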

Console reference

Service policies table

The Service Policies tab lists the rules that authorize identities to access (dial) or host (bind) specific services.

Each column of the table is described below:

  • Name: The unique, user-defined name for the policy.
  • Service Attributes: The set of service attributes included in this policy. Any service with a matching attribute is governed by this policy.
  • Identity Attributes: The set of identity attributes included in this policy. Any identity with a matching attribute is granted the permissions defined here.
  • Posture Check Attributes: The specific posture checks required for this policy. Identities must pass these checks to use the connection.
  • Semantic: The logic used to match attributes (AnyOf or AllOf). Determines whether an entity needs one or all of the listed attributes to match the policy.
  • Type: Defines the permission granted: Dial (allows the identity to access the service) or Bind (allows the identity to host the service).
  • Created At: The date and time the policy was created.
  • ID: The unique, system-assigned ID (UUID) given to the policy by the controller.