[DIFF] Policy-as-code access control — OPA/Rego integration #216

@ElioNeto

Differentiator

Fine-grained, policy-based access control using the Open Policy Agent Rego language.

Example

policy.rego:
allow {
    input.operation == "read"
    not startswith(input.key, "hr/")
}

allow {
    input.operation == "read"
    startswith(input.key, "hr/")
    input.user.roles[_] == "hr"
}

Features

  • Per-key, per-user, per-operation authorization
  • Hot-reload policies
  • Audit log of denied access
  • Built-in Rego evaluator (no external OPA server)

Impact

  • HIPAA/SOC2 compliance
  • Fine-grained access control unique in embedded DBs
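
A unit-test file for the policy in the Example section, added here as an illustration and not taken from the issue or the project's code. It is written in the same pre-1.0 Rego syntax for the reference `opa test` runner; the package name `kvauth`, the `default allow = false` line, and all keys and roles in the inputs are assumptions or constructed samples.

```rego
package kvauth # assumed package name, not from the issue

# Assumed default: any request no rule allows is denied.
default allow = false

# The two rules from the issue, unchanged.
allow {
	input.operation == "read"
	not startswith(input.key, "hr/")
}

allow {
	input.operation == "read"
	startswith(input.key, "hr/")
	input.user.roles[_] == "hr"
}

# All inputs below are constructed samples.
test_non_hr_key_readable_by_anyone {
	allow with input as {"operation": "read", "key": "cfg/theme", "user": {"roles": ["eng"]}}
}

test_hr_key_readable_by_hr_role {
	allow with input as {"operation": "read", "key": "hr/salaries", "user": {"roles": ["eng", "hr"]}}
}

test_hr_key_denied_without_hr_role {
	not allow with input as {"operation": "read", "key": "hr/salaries", "user": {"roles": ["eng"]}}
}

# A request with no user object has no roles to match, so it is denied.
test_hr_key_denied_when_user_missing {
	not allow with input as {"operation": "read", "key": "hr/salaries"}
}

# No rule mentions writes, so even the hr role cannot write.
test_write_denied_for_everyone {
	not allow with input as {"operation": "write", "key": "hr/salaries", "user": {"roles": ["hr"]}}
}

# Caveat: when input.key is absent, startswith() is undefined and `not`
# of an undefined expression succeeds, so the first rule allows the read.
test_read_without_key_is_allowed {
	allow with input as {"operation": "read", "user": {"roles": ["eng"]}}
}
```

The last test documents a gap rather than a desired outcome: requiring `is_string(input.key)` in the first rule would turn that case into a deny. OPA 1.0 and later need `--v0-compatible` to parse this syntax.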
