Access policies

Create a custom access policy (or choose a managed access policy), assign it to an access role, then assign the access role to your users.

Access policies are a crucial aspect of managing data access and usage within the MessageBird environment. They are a set of rules that either grant or deny access to specific areas within the software. By creating access policies, you can improve compliance and ensure that data is accessed only by authorized users.

There are two types of access policies:

Managed access policies

Managed access policies are policies that have been created for you by MessageBird to make it easier for you to get set up.

These are the available manages access policies:

Custom access policies

You can create your own custom access policies by following these steps:

  1. Go to your Organization Settings and click Access policies.

  2. Click the Create custom policy button.

  3. Enter a Policy name and a policy description.

  4. In the "Definition" section, under Effect, select 'Allow' or 'Deny' from the drop-down. This will establish if the policy you are creating will 'allow' or 'deny' users access to specific users area of your organization.

  5. Under Action, you define what action you are 'allowing' or 'denying' users from performing. Choose one of the following options from the drop-down:

    • any

    • view

    • create

    • delete

    • update

  6. In the Resource field, define the URL of the area of the organization you are 'allowing' or 'denying' users access to. For example: /workspaces{workspaceId}/contacts.

  7. You can add multiple definitions and resources to create more complex access policies by clicking Add resource or Add definition.

  8. Click Create policy to create your custom access policy.

Using access policies

Once you have created your access policy, (or chosen which managed policies you want to use) you can assign it to an access role, and then assign the access role to a user.

This will ensure that the user only has access to the areas of the organization that you have specified in the access policy.

Last updated