@@ -11,18 +11,17 @@ Docker sandbox governance is built around two resource types: **policies** and
1111** rules** .
1212
1313A ** policy** is a named collection of rules that controls sandbox access.
14- Policies exist at different levels:
14+ Policies exist at two levels:
1515
1616- ** Local** : configured per machine using the ` sbx policy ` CLI. Applies to
1717 sandboxes on that machine only.
1818- ** Organization** : configured in the Docker Admin Console or via the
19- [ Governance API] ( /reference/api/ai-governance/ ) . Applies uniformly across every sandbox in the
20- organization.
21- - ** Team** : applies to sandboxes used by a specific team within an
22- organization. Coming soon.
19+ [ Governance API] ( /reference/api/ai-governance/ ) . Applies to sandboxes across
20+ the organization. An organization can have several policies, each applying
21+ either org-wide or to specific teams. See [ Policy scope] ( #policy-scope ) .
2322
24- When multiple levels are active, organization policies take precedence over
25- local policies. See [ Precedence] ( #precedence ) .
23+ When organization governance is active, organization policies replace local
24+ policies entirely . See [ Precedence] ( #precedence ) .
2625
2726A ** rule** is the unit of access control within a policy. Each rule has:
2827
@@ -34,6 +33,32 @@ A **rule** is the unit of access control within a policy. Each rule has:
3433Rules are grouped by domain: all rules in a policy must share the same domain,
3534either ` network ` or ` filesystem ` .
3635
36+ ## Policy scope
37+
38+ Each organization policy applies either across the whole organization or only
39+ to specific teams. The policy's scope determines which members it applies to:
40+
41+ - ** Org-wide** : with no teams assigned, the policy applies to every member of
42+ the organization.
43+ - ** Team-scoped** : with one or more teams assigned, the policy applies only to
44+ members of those teams.
45+
46+ Teams are the same [ teams] ( /manuals/admin/organization/manage/manage-a-team.md )
47+ you manage for your organization. A team-scoped policy references the teams it
48+ applies to, and Docker matches those teams against each user's team membership.
49+ Because assignment follows team membership, you can govern an organization with
50+ thousands of users without configuring policies per user.
51+
52+ An organization can mix org-wide and team-scoped policies. A user's effective
53+ policy set is every org-wide policy plus every team-scoped policy for a team
54+ the user belongs to. See [ Rule evaluation] ( #rule-evaluation ) for how those
55+ policies combine.
56+
57+ A policy can also be bound in time with a validity window, independent of team
58+ scope. A validity window can set a start time, an end time, both, or neither. A
59+ policy with no validity window is always active while governance is enabled for
60+ the organization.
61+
3762## Rule syntax
3863
3964### Network rules
@@ -43,12 +68,12 @@ hostnames, CIDR ranges, or ports.
4368
4469** Hostname patterns**
4570
46- | Pattern | Example | Matches |
47- | ------- | ------- | ------- |
48- | Exact hostname | ` example.com ` | ` example.com ` only, not subdomains |
49- | Single-level wildcard | ` *.example.com ` | One subdomain level: ` api.example.com ` |
50- | Multi-level wildcard | ` **.example.com ` | Any depth: ` api.example.com ` , ` v2.api.example.com ` |
51- | Hostname with port | ` example.com:443 ` | ` example.com ` on port 443 only |
71+ | Pattern | Example | Matches |
72+ | --------------------- | ----------------- | ------------------------------------------- ------- |
73+ | Exact hostname | ` example.com ` | ` example.com ` only, not subdomains |
74+ | Single-level wildcard | ` *.example.com ` | One subdomain level: ` api.example.com ` |
75+ | Multi-level wildcard | ` **.example.com ` | Any depth: ` api.example.com ` , ` v2.api.example.com ` |
76+ | Hostname with port | ` example.com:443 ` | ` example.com ` on port 443 only |
5277
5378` example.com ` and ` *.example.com ` don't cover each other. Specify both if you
5479need to match the root domain and its subdomains.
@@ -63,11 +88,11 @@ Both IPv4 and IPv6 notation are supported: `10.0.0.0/8`, `192.168.1.0/24`,
6388Filesystem rules use the actions ` read ` and ` write ` . Resources are host paths
6489that sandboxes can mount as workspaces.
6590
66- | Pattern | Example | Matches |
67- | ------- | ------- | ------- |
68- | Exact path | ` /data ` | ` /data ` only |
69- | Segment wildcard | ` /data/* ` | ` /data/project ` , one path segment only, not subdirectories |
70- | Recursive wildcard | ` /data/** ` | ` /data/project ` , ` /data/project/src ` , any depth |
91+ | Pattern | Example | Matches |
92+ | ------------------ | ---------- | --------------------------------------------------- ------- |
93+ | Exact path | ` /data ` | ` /data ` only |
94+ | Segment wildcard | ` /data/* ` | ` /data/project ` , one path segment only, not subdirectories |
95+ | Recursive wildcard | ` /data/** ` | ` /data/project ` , ` /data/project/src ` , any depth |
7196
7297Use ` ** ` when you intend to match a directory tree recursively. A single ` * `
7398only matches within one path segment and won't cross directory boundaries.
@@ -76,15 +101,22 @@ matches only direct children of `~`.
76101
77102## Rule evaluation
78103
79- All rules in a policy are evaluated against every request. The outcome follows
80- two principles:
104+ When organization governance is active, the rules from all of a user's
105+ effective policies (every org-wide policy plus every matching team-scoped
106+ policy) are combined and evaluated together against each request. Evaluation
107+ follows two principles:
81108
82109** Deny wins.** If any rule matches with ` decision: deny ` , the request is
83110denied regardless of any matching allow rules.
84111
85112** Default deny.** Outbound traffic is blocked unless an explicit allow rule
86113matches.
87114
115+ Because rules combine across policies, allows are additive (a request is
116+ allowed if any effective policy allows it) and denies are absolute (a request
117+ is blocked if any effective policy denies it). A deny rule in an org-wide
118+ policy therefore acts as a guardrail that no team-scoped policy can override.
119+
88120These principles apply within whichever policy is active. When organization
89121governance is active, only organization rules are evaluated; local rules have
90122no effect.
@@ -101,5 +133,7 @@ whether your organization has governance enabled:
101133 developer machines, and local and kit-defined rules are not evaluated. They
102134 still appear in ` sbx policy ls ` , but with an ` inactive ` status.
103135
104- Within the active policy, deny rules beat allow rules regardless of specificity
105- or order.
136+ When organization governance is active, all of a user's effective
137+ organization policies combine into a single rule set, where deny rules beat
138+ allow rules regardless of which policy they come from, their specificity, or
139+ their order. See [ Rule evaluation] ( #rule-evaluation ) .
0 commit comments