Policy as Code Fundamentals
Policy as Code means authorization rules are written in a formal language, stored in version control, reviewed in pull requests, tested in CI, and promoted across environments — the same lifecycle as application code.
Why enterprises standardize on EnforceAuth
Beyond writing Rego, production authorization requires governance (who owns which policy), lifecycle (draft → test → promote → rollback), auditability (every decision logged), compliance evidence, fleet visibility, and operational support. EnforceAuth provides an enterprise authorization control plane for those outcomes — your PDP (OPA or EOPA) evaluates policy; EnforceAuth operationalizes it at scale.
Why not IAM dashboards alone?
Cloud IAM and SaaS admin consoles answer coarse who has a role questions. They rarely express:
- Attribute-based rules (
user.department == resource.owner) - Context at decision time (time, location, data classification)
- Consistent enforcement across microservices and data planes
Policy as Code centralizes those rules and makes changes auditable.
Core vocabulary
| Term | Meaning |
|---|---|
| PEP | Policy Enforcement Point — intercepts a request and asks the PDP |
| PDP | Policy Decision Point — evaluates policy (OPA, Cedar engine, etc.) |
| PIP | Policy Information Point — data the PDP needs (user attributes, resource metadata) |
| Control plane | EnforceAuth — authoring, deployment, logs, governance above the PDP |
EnforceAuth's role
EnforceAuth is not a replacement for OPA or other PDPs. It is the enterprise authorization platform: Git-backed authoring, multi-environment promotion, decision log ingestion, compliance evidence, and fleet operations — with OPA-compatible bundles today.