evaluatePolicy

Evaluate whether the authenticated subject is permitted to perform a single action on a single entity.

Returns `allowed: false` (not an error) for entities that don't exist or that belong to a different organization, so that the caller can't probe for their existence. Returns a `NOT_FOUND` error when `action` is not in the policy catalog or refers to an entity that has no addressable id.

```graphql
evaluatePolicy(
  organizationId: ID!
  action: String!
  entityId: ID!
): PolicyDecision!
```

Arguments

evaluatePolicy.organizationId ● ID! non-null scalar {#organization-id}

Your organization's unique identifier.

evaluatePolicy.action ● String! non-null scalar {#action}

Action id in `entity:verb` form (for example `project:view`). Query `policyActions` for the full catalog.

evaluatePolicy.entityId ● ID! non-null scalar {#entity-id}

The identifier of the entity (e.g., a project's identifier).

Type

PolicyDecision object

The decision returned by an evaluatePolicy request.

`action` and `entityId` mirror the inputs so batch callers can correlate decisions with their original questions without tracking positions externally.
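
One way a caller can consume these semantics, as an added example that is not part of the API's own documentation or code: it fails closed, treats `NOT_FOUND` as a caller bug rather than a deny, and checks the mirrored `action` and `entityId` before trusting `allowed`. The `extensions.code` error shape, the helper and exception names, and all sample values are assumptions.

```python
# Added example: fail-closed handling of an evaluatePolicy response.
# Assumed, not from the page: errors carry extensions.code (a common GraphQL
# convention); is_allowed, UnknownActionError and all sample values are made up.
QUERY = """
query ($organizationId: ID!, $action: String!, $entityId: ID!) {
  evaluatePolicy(organizationId: $organizationId, action: $action, entityId: $entityId) {
    allowed
    action
    entityId
  }
}
"""

class UnknownActionError(Exception):
    """NOT_FOUND: a caller bug such as a misspelled action id, not a deny."""

def is_allowed(variables, response):
    """True only for an explicit allow that mirrors the request; else deny."""
    for err in response.get("errors") or []:
        if (err.get("extensions") or {}).get("code") == "NOT_FOUND":
            raise UnknownActionError(err.get("message", "NOT_FOUND"))
    decision = (response.get("data") or {}).get("evaluatePolicy")
    if not isinstance(decision, dict):
        return False  # any other error or malformed body: fail closed
    # The decision mirrors action and entityId; refuse one that answers a
    # different question (for example a mis-correlated batch result).
    if decision.get("action") != variables["action"]:
        return False
    if decision.get("entityId") != variables["entityId"]:
        return False
    # allowed: false covers "no permission", "no such entity" and "other
    # organization" alike, so treat it as a plain deny and do not retry.
    return decision.get("allowed") is True

# Constructed sample data.
VARS = {"organizationId": "org_1", "action": "project:view", "entityId": "prj_42"}
ALLOW = {"data": {"evaluatePolicy": {"allowed": True, "action": "project:view", "entityId": "prj_42"}}}
DENY = {"data": {"evaluatePolicy": {"allowed": False, "action": "project:view", "entityId": "prj_42"}}}
WRONG_ENTITY = {"data": {"evaluatePolicy": {"allowed": True, "action": "project:view", "entityId": "prj_7"}}}
NOT_FOUND = {"data": None, "errors": [{"message": "unknown action", "extensions": {"code": "NOT_FOUND"}}]}

if __name__ == "__main__":
    for name, resp in [("allow", ALLOW), ("deny", DENY), ("wrong entity", WRONG_ENTITY)]:
        print(name, is_allowed(VARS, resp))
```

Raising on `NOT_FOUND` keeps a misspelled action id from silently turning into a permanent deny in the calling service.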