
Overview

Policy is Layeron’s shared rule layer for authorization and data protection. Auth identifies the subject. Policy decides what that subject can do to a resource in a specific context.

The core decision model is:

  subject + action + resource + context -> decision

With Policy, you can:

  • Declare allow and deny rules in application code.
  • Match actions, resources, subjects, and request context.
  • Evaluate decisions in application code.

  import { policy } from "@layeron/modules"

  // One allow rule: any subject holding the admin role may read any resource.
  const appPolicy = policy({
    name: "app",
    rules: [{
      id: "admins-read",
      effect: "allow",
      subjects: ["role:admin"],
      actions: ["resource.read"],
      resources: ["resource:*"],
    }],
  })

  // Evaluate one concrete subject / action / resource triple against the policy.
  const decision = await appPolicy.evaluate({
    subject: {
      kind: "user",
      id: "user_1",
      roles: ["admin"],
    },
    action: "resource.read",
    resource: {
      type: "resource",
      id: "resource_123",
    },
  })

Use can(...) when you only need a boolean. Use require(...) when you want Policy to throw on denial, so a denied request cannot continue by accident.
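To make the decision model concrete, here is a small self-contained evaluator for the rule shape shown above. It is an added example written for this page, not code from @layeron/modules, and its semantics are assumptions made for the toy: a trailing "*" is a prefix wildcard, a subject is matched by its own id or any of its roles, any matching deny overrides allow, nothing matching means deny, and request context is left out. requireAllowed stands in for the page's require(...); the sample rules and subjects are constructed here.

```typescript
// Added illustration, not the @layeron/modules implementation. Matching rules
// (trailing "*" wildcard, deny overrides allow, default deny) are assumptions.

type Effect = "allow" | "deny";

interface Rule {
  id: string;
  effect: Effect;
  subjects: string[];  // e.g. "role:admin", "user:user_1", "*"
  actions: string[];   // e.g. "resource.read", "resource.*"
  resources: string[]; // e.g. "resource:*", "resource:resource_123"
}

interface SubjectRef { kind: string; id: string; roles?: string[] }
interface ResourceRef { type: string; id: string }
interface Decision { allowed: boolean; ruleId?: string; reason: string }

class PolicyDenied extends Error {
  decision: Decision;
  constructor(decision: Decision, action: string, resource: ResourceRef) {
    super(`denied ${action} on ${resource.type}:${resource.id} (${decision.reason})`);
    this.decision = decision;
  }
}

// Exact match, or prefix match when the pattern ends in "*"; "*" alone matches anything.
function matches(pattern: string, value: string): boolean {
  if (pattern === "*") return true;
  if (pattern.endsWith("*")) return value.startsWith(pattern.slice(0, -1));
  return pattern === value;
}

// A subject is matched by its own identifier and by each role it holds.
function subjectLabels(s: SubjectRef): string[] {
  return [`${s.kind}:${s.id}`, ...(s.roles ?? []).map((r) => `role:${r}`)];
}

function ruleApplies(rule: Rule, subject: SubjectRef, action: string, resource: ResourceRef): boolean {
  const labels = subjectLabels(subject);
  const key = `${resource.type}:${resource.id}`;
  return (
    rule.subjects.some((p) => labels.some((l) => matches(p, l))) &&
    rule.actions.some((p) => matches(p, action)) &&
    rule.resources.some((p) => matches(p, key))
  );
}

// Toy semantics: any matching deny wins; otherwise the first matching allow; otherwise deny.
function evaluate(rules: Rule[], subject: SubjectRef, action: string, resource: ResourceRef): Decision {
  const applicable = rules.filter((r) => ruleApplies(r, subject, action, resource));
  const deny = applicable.find((r) => r.effect === "deny");
  if (deny) return { allowed: false, ruleId: deny.id, reason: `explicit deny by ${deny.id}` };
  const allow = applicable.find((r) => r.effect === "allow");
  if (allow) return { allowed: true, ruleId: allow.id, reason: `allowed by ${allow.id}` };
  return { allowed: false, reason: "no matching rule, default deny" };
}

// can(): boolean only. requireAllowed(): throw on denial (stands in for require(...)).
function can(...args: Parameters<typeof evaluate>): boolean {
  return evaluate(...args).allowed;
}

function requireAllowed(...args: Parameters<typeof evaluate>): Decision {
  const d = evaluate(...args);
  if (!d.allowed) throw new PolicyDenied(d, args[2], args[3]);
  return d;
}

// Constructed sample rules: admins may read any resource, but resource_secret is
// locked for everyone, which shows deny overriding allow.
const sampleRules: Rule[] = [
  { id: "admins-read", effect: "allow", subjects: ["role:admin"], actions: ["resource.read"], resources: ["resource:*"] },
  { id: "secret-locked", effect: "deny", subjects: ["*"], actions: ["resource.*"], resources: ["resource:resource_secret"] },
];

const admin: SubjectRef = { kind: "user", id: "user_1", roles: ["admin"] };
const viewer: SubjectRef = { kind: "user", id: "user_2", roles: ["viewer"] };
const ordinary: ResourceRef = { type: "resource", id: "resource_123" };
const secret: ResourceRef = { type: "resource", id: "resource_secret" };
```

Running the checks in order is instructive: the admin reads resource_123 through admins-read, the viewer is denied by default because no rule names role:viewer, and the admin is denied on resource_secret even though admins-read also matches, because the deny is checked first. Whichever combinator your real policy engine uses, write a test for that last case; it is the one that silently widens access if the order is wrong.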

  • Get started: Create a policy, register it, and evaluate a decision.
  • Examples: Apply owner-only, role-based, tenant-isolation, deny-overrides-allow, and can versus require patterns.
  • Feature Flags policy: See how a product uses Policy to protect read, publish, history, rollback, and admin actions.
  • API reference: Review Policy subjects, resources, context, decisions, audit options, and module methods.