Apply global data protection policies

This guide explains how to update and use global baseline policies.

Global baseline policies are access policies that get applied by default to all accessors (or mutators). These policies ensure a consistent security baseline across all data operations. Global baseline policies cannot be overridden for individual accessors or mutators.

Example Use Cases for Global Baseline Policies

  1. Always Require Valid Token: Apply a global access policy that ensures every request includes a valid token to authenticate the user.
  2. Always Require Trusted IP: Apply a global access policy that restricts access to trusted IP addresses only, ensuring data can only be accessed from approved locations or VPNs.
  3. Global Rate Limiting: Apply a global access policy that enforces rate limiting on all queries to prevent abuse and ensure fair usage.

Setting Global Baseline Policies

Global baseline policies are provisioned during tenant creation. They can be found and edited on the access policies page. These policies can be composed of other policies and templates. Additionally, they can be edited via the Update Access Policy API. For more details on editing global baseline policies, see the API reference.


Combining Policies

For any accessor that involves multiple columns with default access policies, the system will AND the following three types of policies:

  1. Global baseline policy: Applied to ensure baseline security.
  2. Column-default access policies: Applied unless overridden.
  3. Accessor-specific access policy composition: Applied in addition to the above policies.

Because the three are ANDed, a request is allowed only when every one of them allows it, so an accessor-specific policy can narrow access but cannot widen it past the global baseline. For tokens generated by an accessor, the same approach applies to token access policies.
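
The combination rule above, modelled as an added example (this is not the product's API or code). All names, the token check, the IP range and the column policies are constructed for illustration, and how an accessor marks a column default as overridden is an assumption.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Callable, Dict, List, Set

Context = Dict[str, str]            # constructed request context
Policy = Callable[[Context], bool]  # a policy is a predicate over the context

TRUSTED_NETS = [ip_network("10.0.0.0/8")]  # constructed sample range

def valid_token(ctx: Context) -> bool:
    return ctx.get("token") == "valid-sample-token"  # stand-in for real token validation

def trusted_ip(ctx: Context) -> bool:
    try:
        addr = ip_address(ctx.get("ip", ""))
    except ValueError:  # missing or malformed address: fail closed
        return False
    return any(addr in net for net in TRUSTED_NETS)

def all_of(*policies: Policy) -> Policy:
    """Compose policies; the result allows only if every part allows."""
    return lambda ctx: all(p(ctx) for p in policies)

# Global baseline: composed of other policies, applied to every accessor.
GLOBAL_BASELINE = all_of(valid_token, trusted_ip)

# Column-default policies (constructed examples).
COLUMN_DEFAULTS: Dict[str, Policy] = {
    "email": lambda ctx: ctx.get("purpose") == "support",
    "ssn": lambda ctx: ctx.get("role") == "admin",
}

@dataclass
class Accessor:
    columns: List[str]
    policy: Policy
    # Assumption: the accessor names the columns whose default it overrides.
    overridden: Set[str] = field(default_factory=set)

def evaluate(accessor: Accessor, ctx: Context) -> Dict[str, bool]:
    """AND the three policy types; the baseline has no override path."""
    active = [COLUMN_DEFAULTS[c] for c in accessor.columns
              if c in COLUMN_DEFAULTS and c not in accessor.overridden]
    result = {
        "global": GLOBAL_BASELINE(ctx),
        "columns": all(p(ctx) for p in active),
        "accessor": accessor.policy(ctx),
    }
    result["allowed"] = all(result.values())
    return result
```

Returning the per-type results alongside the final decision makes it easy to log which of the three policy types denied a request.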