RBAC
The rbac policy is still configured as rbac, and its current behavior combines role checks with request attributes such as keeptrusts.data_sensitivity and PHI detection in request text.
Phase and verdicts
- Phase: input
- Verdicts:
alloworblock
Configuration
pack:
name: rbac-example-1
version: "1.0.0"
enabled: true
policies:
chain:
- rbac
policy:
rbac:
deny_if_missing:
- X-User-ID
- X-User-Role
require_auth: true
roles:
analyst:
allowed_tools:
- search
- summarize
- report_*
denied_tools:
- dangerous_*
admin:
allowed_tools:
- "*"
denied_tools: []
data_access:
analyst:
max_sensitivity: confidential
admin:
max_sensitivity: restricted
minimum_necessary:
enabled: true
allowed_phi_roles:
- clinician
- admin
Supported fields
| Field | Type | Default | Notes |
|---|---|---|---|
deny_if_missing | string[] | [] | Missing or empty listed headers cause rbac.missing_identity. |
require_auth | boolean | false | Requires a non-empty Authorization: Bearer <token> header. It does not validate JWT claims or signatures. |
roles | object | {} | Keys are role names matched from the X-User-Role header. |
roles.<role>.allowed_tools | string[] | [] | Supports exact names and * wildcards. |
roles.<role>.denied_tools | string[] | [] | Deny rules win over allow rules. |
data_access | object | {} | Role-specific limits for keeptrusts.data_sensitivity. |
data_access.<role>.max_sensitivity | string | public | One of public, internal, confidential, restricted. |
minimum_necessary.enabled | boolean | false | Enables PHI gating based on message content. |
minimum_necessary.allowed_phi_roles | string[] | [] | Roles allowed to proceed when PHI-like content is detected. |
What the policy checks
- Required headers listed in
deny_if_missingmust be present and non-empty. X-User-ID,X-Org-ID, andX-User-Roleare validated as simple ASCII identifiers (A-Z,a-z,0-9,-,_,.).- If
require_authis enabled, theAuthorizationheader must look likeBearer <token>. - When
rolesis configured,X-User-Rolebecomes mandatory. - Tool restrictions apply to names declared in
request.tools[*].function.name. data_accesscompares the request'skeeptrusts.data_sensitivityvalue with the role ceiling.minimum_necessaryscansmessages[].contentfor PHI-like content and blocks roles not listed inallowed_phi_roles.
Important behavior notes
- Role resolution is currently header-based. The policy does not map roles from JWT claims.
- Undefined roles fall through to deny when a tool is requested.
require_authchecks header shape only. Use an upstream identity layer if you need real token verification.- This policy is role-based, but it also evaluates request attributes (
keeptrusts.data_sensitivity) and message content (PHI detection).
Minimal valid example
policy:
rbac:
deny_if_missing:
- X-User-ID