File tree Expand file tree Collapse file tree
content/manuals/ai/sandboxes/governance Expand file tree Collapse file tree Original file line number Diff line number Diff line change @@ -38,9 +38,9 @@ either `network` or `filesystem`.
3838Each organization policy applies either across the whole organization or only
3939to specific teams. The policy's scope determines which members it applies to:
4040
41- - ** Org-wide** : with no teams assigned, the policy applies to every member of
42- the organization.
43- - ** Team-scoped** : with one or more teams assigned, the policy applies only to
41+ - Org-wide: with no teams assigned, the policy applies to every member of the
42+ organization.
43+ - Team-scoped: with one or more teams assigned, the policy applies only to
4444 members of those teams.
4545
4646Teams are the same [ teams] ( /manuals/admin/organization/manage/manage-a-team.md )
Original file line number Diff line number Diff line change @@ -105,15 +105,15 @@ A user receives every org-wide policy plus every team-scoped policy for a team
105105they belong to. The rules from all of these policies are combined and evaluated
106106together:
107107
108- - ** Allows are additive. ** A request is allowed if any of the user's effective
108+ - Allows are additive: a request is allowed if any of the user's effective
109109 policies allow it.
110- - ** Denies are absolute. ** A request is blocked if any of the user's effective
110+ - Denies are absolute: a request is blocked if any of the user's effective
111111 policies deny it.
112112
113- Because deny always wins, a deny rule in an ** Organization ** -scoped policy acts
114- as a guardrail that ** Teams ** -scoped policies can't override. Keep rules that
115- must apply everywhere in an organization-scoped policy, and use team-scoped
116- policies to grant extra access to specific teams.
113+ Because deny always wins, a deny rule in an organization -scoped policy acts as a
114+ guardrail that team -scoped policies can't override. Keep rules that must apply
115+ everywhere in an organization-scoped policy, and use team-scoped policies to
116+ grant extra access to specific teams.
117117
118118For example, an organization-scoped policy can deny a category of domains for
119119everyone, while a team-scoped policy grants a research team access to additional
You can’t perform that action at this time.
0 commit comments