Enterprise Policy Management
The features described on this page require an Enterprise license.
Already an Enterprise customer? Access the full documentation in your Customer Portal.
Enterprise customers have access to advanced policy management capabilities built on AxonFlow's three-tier policy hierarchy.
Enterprise Policy Features
| Feature | Community | Enterprise |
|---|---|---|
| 63 System policies (view) | ✅ | ✅ |
| System policy overrides | ❌ | ✅ |
| Organization-tier policies | ❌ | ✅ Full CRUD |
| Tenant-tier policies | ✅ 30 limit | ✅ Unlimited |
| Policy version history | ✅ Last 5 | ✅ Full audit trail |
| Pattern testing API | ✅ | ✅ |
| Customer Portal UI | ❌ | ✅ |
Three-Tier Policy Hierarchy
┌─────────────────────────────────────────────────────────────┐
│ SYSTEM POLICIES │
│ (Immutable patterns, action overridable) │
│ 53 static + 10 dynamic │
├─────────────────────────────────────────────────────────────┤
│ ORGANIZATION POLICIES │
│ (Company-wide, applies to all tenants) │
│ Enterprise only │
├─────────────────────────────────────────────────────────────┤
│ TENANT POLICIES │
│ (Team-specific rules) │
│ Community: 30 limit | Enterprise: Unlimited │
└─────────────────────────────────────────────────────────────┘
Organization-Tier Policies
Organization policies apply to all tenants within your organization. Use them for:
- Company-wide security standards
- Shared compliance requirements (HIPAA, PCI-DSS, GDPR)
- Consistent governance across teams
- Industry-specific patterns (SWIFT codes, medical IDs)
System Policy Overrides
While system policy patterns are immutable, Enterprise customers can override their action:
| Override Type | Description |
|---|---|
| block → warn | Allow but flag for review |
| block → log | Allow and audit only |
| Disable | Temporarily disable a system policy |
All overrides require a documented reason and can have optional expiration dates for automatic reversion.
Customer Portal
Enterprise customers access policy management through the Customer Portal:
- Visual policy editor with pattern testing
- Tier badges showing policy source (System 🔒, Organization 🏢, Tenant 👥)
- Override management with audit trail
- Version history for all changes
- Import/Export in JSON or YAML format
Policy Templates
Enterprise includes pre-built policy templates for common compliance and security scenarios. Templates can be applied as-is or customized to fit your organization's requirements.
| Template | Description | Policies Included |
|---|---|---|
| HIPAA Starter | Healthcare data protection | PHI detection, minimum necessary access, audit logging |
| PCI-DSS | Payment card data security | Credit card detection, PAN masking, access restriction |
| GDPR Privacy | EU data protection | PII detection, consent checks, right-to-erasure support |
| Financial Services | Banking and finance | AML patterns, SWIFT code detection, transaction limits |
| SOC 2 Baseline | Security and availability | Input validation, SQL injection blocking, rate limiting |
To apply a template via the Customer Portal:
- Navigate to Policies > Templates.
- Select a template and review the included policies.
- Click Apply to add the policies to your organization tier.
- Customize individual policies as needed.
Templates can also be applied via the CLI:
axonctl policies apply-template --name "HIPAA Starter" --org your-org-id
Tenant Isolation
Enterprise policy management enforces strict tenant isolation. Policies are scoped per tenant so that one tenant's rules never affect another.
How Isolation Works
- System policies apply globally across all tenants (read-only for tenants, action overridable by org admins).
- Organization policies apply to all tenants within the organization, set by org administrators.
- Tenant policies are scoped to a single tenant and only visible/editable by that tenant's administrators.
Isolation Guarantees
| Property | Guarantee |
|---|---|
| Policy visibility | Tenants can only see their own tenant-tier policies plus system and org policies |
| Policy creation | Tenant-created policies are automatically scoped to that tenant |
| Policy evaluation | Only system + org + the requesting tenant's policies are evaluated per request |
| Audit logs | Tenant audit entries are filtered by tenant_id in all queries |
Example: Multi-Tenant Policy Evaluation
When a request arrives for tenant-A, the policy engine evaluates in this order:
- System policies (63 built-in patterns) -- applied to all tenants
- Organization policies -- company-wide rules set by admins
- Tenant-A policies -- only tenant-A's custom rules
Policies from tenant-B are never loaded or evaluated for tenant-A's requests.
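The evaluation order above, combined with the override rules from System Policy Overrides, modelled as an added example (not AxonFlow code or its SDK). All class, function and policy names are hypothetical, the sample policies and override are constructed, and "the strictest matching action wins" is an assumption the page does not state.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timezone

TIERS = ("system", "organization", "tenant")   # evaluation order from the page
SEVERITY = {"allow": 0, "log": 1, "warn": 2, "block": 3}  # assumption: strictest wins

@dataclass
class Policy:
    name: str
    tier: str            # one of TIERS
    pattern: str         # regular expression matched against the request text
    action: str          # "block", "warn" or "log"
    tenant_id: str = ""  # set only on tenant-tier policies

def load_policies(store, tenant_id):
    """System + organization + the requesting tenant's policies, in tier order."""
    visible = [p for p in store if p.tier != "tenant" or p.tenant_id == tenant_id]
    return sorted(visible, key=lambda p: TIERS.index(p.tier))

def effective_action(policy, overrides, now):
    """Apply a live override to a system policy; an expired one reverts."""
    ov = overrides.get(policy.name)
    if policy.tier != "system" or ov is None:
        return policy.action
    if not ov.get("reason", "").strip():
        raise ValueError(f"override on {policy.name} has no documented reason")
    expires = ov.get("expires_at")          # optional datetime
    expired = expires is not None and now >= expires
    return policy.action if expired else ov["action"]  # "warn", "log" or "disabled"

def evaluate(text, tenant_id, store, overrides, now):
    """Return (decision, matches) for one request from tenant_id."""
    decision, matches = "allow", []
    for p in load_policies(store, tenant_id):
        action = effective_action(p, overrides, now)
        if action != "disabled" and re.search(p.pattern, text):
            matches.append((p.tier, p.name, action))
            decision = max(decision, action, key=SEVERITY.__getitem__)
    return decision, matches

# Constructed sample policies (not AxonFlow's real patterns).
STORE = [
    Policy("sys-card-number", "system", r"\b\d{16}\b", "block"),
    Policy("org-swift-code", "organization", r"\b[A-Z]{6}[A-Z0-9]{2}\b", "warn"),
    Policy("a-project-name", "tenant", r"(?i)project-x", "log", "tenant-A"),
    Policy("b-codename", "tenant", r"(?i)bluebird", "block", "tenant-B"),
]
# Constructed override: downgrade block -> warn until the expiry date.
OVERRIDES = {"sys-card-number": {"action": "warn", "reason": "constructed example",
                                 "expires_at": datetime(2030, 1, 1, tzinfo=timezone.utc)}}
```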
Get Enterprise
Ready to upgrade your policy management capabilities?
- AWS Marketplace: One-click deployment
- Contact Sales: [email protected]
Related
- Policy Hierarchy - Understanding tier inheritance
- System Policies - Complete list of 63 system policies
- SDK Methods - Policy CRUD with TypeScript, Python, Go, Java
- Community vs Enterprise - Full feature comparison