# Access Policies

## Access policies

An access policy is a set of rules and each one determines the access to one or multiple resources. Access policies can be managed via <https://app.bird.com/settings/security/access-policies>.

When creating access policies you should give access only to the resources you need to access via the API.&#x20;

### Creating an access policy

In this example we will create an access policy that will allow you to send and retrieve messages sent to any channels in your workspace

<figure><img src="https://3210271997-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FdnJZeZvhOMhDQA8SpjQM%2Fuploads%2F61yv5J6wA3ZI7EMrmeIq%2FWork%20Here%20-%20Horizontal%20Frame%20(6).png?alt=media&#x26;token=299f5dd8-d427-4006-b23c-9d653be0dc58" alt=""><figcaption><p>Create a custom policy</p></figcaption></figure>

1. The first step is to give your access policy a meaningful **name** and **description.** \ <br>

   <figure><img src="https://3210271997-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FdnJZeZvhOMhDQA8SpjQM%2Fuploads%2F3w2cwo3BeVMxWOGpEtVm%2FWork%20Here%20-%20Squared%20Frame%20(1).png?alt=media&#x26;token=4c335af0-77c9-46d7-b954-41972453a6d4" alt=""><figcaption><p>Access Policy Name and Description</p></figcaption></figure>
2. Next define a policy definition. The one shown will **Allow** you to **Create** (POST/Send) messages to the /channels endpoint and also create media for sending image messages<br>

   <figure><img src="https://3210271997-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FdnJZeZvhOMhDQA8SpjQM%2Fuploads%2Fwgq24zhQ6Tt3EKEGcHae%2FWork%20Here%20-%20Squared%20Frame%20(2).png?alt=media&#x26;token=3f14825a-ba87-48eb-87ef-12e75f67ffaf" alt=""><figcaption><p>Access Policy Create Definition</p></figcaption></figure>
3. The second policy definition will **Allow** you to **View** (GET) all messages and specific messages on channels
4. Finally Create Policy\ <br>

   <figure><img src="https://3210271997-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FdnJZeZvhOMhDQA8SpjQM%2Fuploads%2FNnPWVgJaMGQtZrsZGvk9%2FWork%20Here%20-%20Squared%20Frame%20(3).png?alt=media&#x26;token=18de8353-fdad-413f-bef6-dd813f3f559c" alt=""><figcaption><p>Access Policy Get Definition</p></figcaption></figure>

### Understanding policy definitions

Policy definitions provide extremely fine grained control over the endpoints in your workspace. Each of your access policies can have one or more definitions. By default any endpoints that do not have explicit allow access (will result in access denied when trying to access them). Examining a definition in detail:

| Field Name  | Description                                                                | Values                                                                                                                                                                                                                                                                                                                                                                                  |      |                                            |            |
| ----------- | -------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---- | ------------------------------------------ | ---------- |
| Effect      | Allow or deny permission to a list of resources                            | <p>Allow<br>Deny</p>                                                                                                                                                                                                                                                                                                                                                                    |      |                                            |            |
| Action      | Allow any or specific actions on the attached resource(s)                  | <p>Any<br>Create (POST)<br>View (GET                                                                                                                                                                                                                                                                                                                                                    | HEAD | OPTIONS)<br>Delete (DELETE)<br>Update (PUT | PATCH)</p> |
| Resource(s) | Path of the resource. Policy definitions can contain one or more resources | <p>Path of the resource. Example: /workspaces/{workspaceID}/channels</p><p></p><p><strong>Valid wildcards:</strong></p><p></p><p>\* - Any value for a specific part of the path e.g. /workspaces/*/channels (applies to all workspaces in an organisation)</p><p></p><p>\*\* - Any value for all child paths e.g. /workspaces/*/channels/\*\* (access to all paths below /channels)</p> |      |                                            |            |


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.bird.com/api/api-access/access-policies.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.