IPermissionPolicy

Interface

Defines a system level policy for a specific permission. All conditions must be met for the permission to be granted. Additinonal conditions may be added by an entity to further limit access when the permission is checed in the contex to the entity. e.g. "hub:project:create" in the context of an Initiative, may further restrict to members of a specfic group

Properties

Property	Type	Notes
permission	Permission	Permission being defined
assertions Optional	IPolicyAssertion[]	More complex policies can be defined with a set of assertions
authenticated Optional	boolean	Must the user authenticated?
availability Optional	HubAvailability[]	Is this permission gated to a specific availability? This is used to limit access to features that are not yet available in production
dependencies Optional	Permission[]	Parent permissions this permission is dependent on
entityConfigurable Optional	boolean	Can an entity provide additional conditions to further limit access?
entityDelete Optional	boolean	Can the user delete the entity being accessed?
entityEdit Optional	boolean	Is the user an owner of the entity being accessed?
entityOwner Optional	boolean	Must the user be the owner of the entity being accessed?
environments Optional	HubEnvironment[]	Is this permission gated to a specific environment? (e.g. devext, qaext) This is used to limit access to features that are not yet available in production
flagValue Optional	boolean	Value set by the feature flagging system to override the default permission behavior. This can be used to demo features to specific users or groups, during a specific user session. If `true`, the permission will be granted as long as the license and privilege requirements are met. If `false`, the permission will be denied for all users - typically as a means to check for graceful degradation if a system is offline.
licenses Optional	HubLicense[]	What licenses are required for this permission to be granted. This is checking the licese of the current user's org. It is not transitive to the entity being accessed. e.g. If a user is in a Partner "hub-basic" org, they can not create "premium" entities (e.g. Projects)
platformVersion Optional	number	Policy will deny access until portal.currentVersion matches or is greater than this value. e.g. `2025.3` This is primarily used to prevent access to features that require coordination with specific ArcGIS Online releases. Do not use this for Enterprise version checks! Given that release cadence, we need to ungate features based on the Enterprise release cycle, and not on specific versions.
privileges Optional	PlatformPrivilege[]	Any platform level privileges required for this permission to be granted e.g. "portal:user:createItem"
releaseAfter Optional	string	Policy will deny access on PROD, until after this date. Format must be ISO Date Time format: YYYY-MM-DDTHH:mm:ss.sssZ This is primarily used to prevent access to features that require coordination with documentation/string translations, which have specific delivery dates.
retireAfter Optional	string	Policy will deny access on PROD, starting after this date. Format must be ISO Date Time format: YYYY-MM-DDTHH:mm:ss.sssZ This is primarily used to allow for deprecation of features, with a known retirement date. This should be used sparingly, and only when there is a clear deprecation path for users.
services Optional	HubService[]	What services are required to be online for this permission to be granted

Interface defined in packages/common/src/permissions/types/IPermissionPolicy.ts:13