Skip to main content

RBAC

The rbac policy is still configured as rbac, and its current behavior combines role checks with request attributes such as keeptrusts.data_sensitivity and PHI detection in request text.

Phase and verdicts

  • Phase: input
  • Verdicts: allow or block

Configuration

pack:
name: rbac-example-1
version: "1.0.0"
enabled: true

policies:
chain:
- rbac

policy:
rbac:
deny_if_missing:
- X-User-ID
- X-User-Role
require_auth: true
roles:
analyst:
allowed_tools:
- search
- summarize
- report_*
denied_tools:
- dangerous_*
admin:
allowed_tools:
- "*"
denied_tools: []
data_access:
analyst:
max_sensitivity: confidential
admin:
max_sensitivity: restricted
minimum_necessary:
enabled: true
allowed_phi_roles:
- clinician
- admin

Supported fields

FieldTypeDefaultNotes
deny_if_missingstring[][]Missing or empty listed headers cause rbac.missing_identity.
require_authbooleanfalseRequires a non-empty Authorization: Bearer <token> header. It does not validate JWT claims or signatures.
rolesobject{}Keys are role names matched from the X-User-Role header.
roles.<role>.allowed_toolsstring[][]Supports exact names and * wildcards.
roles.<role>.denied_toolsstring[][]Deny rules win over allow rules.
data_accessobject{}Role-specific limits for keeptrusts.data_sensitivity.
data_access.<role>.max_sensitivitystringpublicOne of public, internal, confidential, restricted.
minimum_necessary.enabledbooleanfalseEnables PHI gating based on message content.
minimum_necessary.allowed_phi_rolesstring[][]Roles allowed to proceed when PHI-like content is detected.

What the policy checks

  1. Required headers listed in deny_if_missing must be present and non-empty.
  2. X-User-ID, X-Org-ID, and X-User-Role are validated as simple ASCII identifiers (A-Z, a-z, 0-9, -, _, .).
  3. If require_auth is enabled, the Authorization header must look like Bearer <token>.
  4. When roles is configured, X-User-Role becomes mandatory.
  5. Tool restrictions apply to names declared in request.tools[*].function.name.
  6. data_access compares the request's keeptrusts.data_sensitivity value with the role ceiling.
  7. minimum_necessary scans messages[].content for PHI-like content and blocks roles not listed in allowed_phi_roles.

Important behavior notes

  • Role resolution is currently header-based. The policy does not map roles from JWT claims.
  • Undefined roles fall through to deny when a tool is requested.
  • require_auth checks header shape only. Use an upstream identity layer if you need real token verification.
  • This policy is role-based, but it also evaluates request attributes (keeptrusts.data_sensitivity) and message content (PHI detection).

Minimal valid example

policy:
rbac:
deny_if_missing:
- X-User-ID

Next steps