The Policy Engine runs Open Policy Agent (OPA) as a sidecar or as a dedicated service. Policies are written in Rego and cover tenant-level role assignments, resource-level permissions, and attribute conditions (e.g., "can only access contacts in own region"). Policy bundles are distributed via a dedicated OPA bundle server.

Relationships

Composes (outgoing: 1)
  Target Element: IAM Platform
  Element Type: Software System

Part of (incoming: 1)
  Source Element: IAM Platform
  Element Type: Software System

Served by (incoming: 1)
  Source Element: Security GKE Cluster
  Element Type: Cloud Service

Architecture Context

Diagrams

Not yet referenced in any diagram

Properties

Type: Software Subsystem
Layer: Application
Domain: Security and Compliance
Status: active
Owner: Security Team

Additional Metadata

Catalog Id: SUB-SEC-002
Environments: production, staging
Served By Cloud Services: Security GKE Cluster
Archimate Type: application-component
C4 Type: Container
Togaf Type: Application Component

Meta Model

Business
Organization
Application current
Technology