Policy Management

Policies define the security boundaries that govern how PAM-Pro manages privileged accounts. They control rotation schedules, access windows, approval requirements, and which accounts they apply to. Policies are evaluated in priority order - lower numbers take precedence.

The Policy dashboard shows all active policies with their priority, rotation settings, assignments, and status. Use the Simulator button to test how your policy stack will behave before making changes live.

Policy Priority

Each policy has a numeric priority. Priority 1 is evaluated first. If an account matches multiple policies, the most specific (lowest priority number) wins. The Global Default Policy should always be your highest-numbered (lowest priority) policy - it acts as the catch-all for accounts that do not match a more specific rule.

Creating a Policy

Click + Create Policy to open the policy creation dialog. See the Adding a Policy guide for a full walkthrough of all available fields.

Using the Simulator

Before activating a new policy, click Simulator to run a dry-run against your current account directory. The simulator shows which accounts will be affected by the new rules without making any live changes. This prevents accidental lockout or misconfiguration.

Editing and Deactivating Policies

Use the edit icon on any policy row to modify its settings. Toggle the Active/Inactive status to disable a policy without deleting it. Inactive policies are ignored during evaluation but remain available for reactivation.

Technical Detail: Policies always default to the most restrictive boundary when conflicts occur between overlapping rules. Zero-Trust is the default state.