Documentation Experience Platform Access Control Guide

Manage access control policies

Last update: Fri Jan 09 2026 00:00:00 GMT+0000 (Coordinated Universal Time)

Topics:
Access Control

CREATED FOR:

Admin

Access control policies are statements that bring attributes together to establish permissible and impermissible actions. Adobe provides a default policy that can be activated immediately or when your organization is ready to start controlling access to specific objects based on labels. The default policy, Default-Label-Based-Access-Control-Policy, leverages labels applied to resources to deny access unless users are in a role with a matching label.

IMPORTANT

Access control policies should not to be confused with data usage policies, which control how data is used in Adobe Experience Platform. See the guide on creating data usage policies for more information.

Configure policy for a sandbox configure-policy

NOTE

The Default-Label-Based-Access-Control-Policy policy is currently the only one available for configuration.

To begin configuring a policy, navigate to Permissions in Adobe Experience Cloud. Select Policies from the left panel. Select the Default-Label-Based-Access-Control-Policy from the list.

The policies workspace showing a list of existing policies. {modal="regular"}

The policy’s details workspace will appear. Select the Sandboxes. A list of sandboxes associated with the policy are displayed.

The policy's sandbox workspace showing a list of associated sandboxes. {modal="regular"}

Add policy to all sandboxes add-policy-to-all

IMPORTANT

By default, Auto-include is turned on, which means all current and future sandboxes are automatically added to the policy.

Toggle off the Auto-include feature to stop future sandboxes from being automatically added to the policy. Toggling off the feature will not remove any sandboxes from the policy.

The policy's sandbox tab with the Auto-include toggle highlighted and in the "off" state. {modal="regular"}

If Auto-include is not active in a policy, you can use the toggle to turn it back on. The Enable Auto-include dialog appears prompting you to confirm your selection. Select Enable to complete the configuration setting.

NOTE

Any sandboxes you removed from the policy while Auto-include was toggled off will be re-added.

The Enable Auto-include dialog with the Enable option highlighted. {modal="regular"}

Manually select sandboxes for a policy manually-select-sandboxes

To manually add or remove sandboxes to a policy, the Auto-include toggle must be off.

Add sandboxes

To add sandboxes to a policy, select Add Sandboxes.

The policy's workspace with the Add Sandboxes option highlighted. {modal="regular"}

The Add Sandboxes dialog appears. Select the sandbox(es) you wish to add to the policy and then select Save.

The Add Sandboxes dialog with a sandbox selected and the Save option highlighted. {modal="regular"}

NOTE

If all available sandboxes are already added to the policy, you will see a “You have nothing in your library” message within the dialog.

Remove sandboxes

To remove sandboxes from a policy, find the sandbox you wish to remove from the list and then select the X icon.

The policy's sandbox list with an "x" highlighted to remove a sandbox. {modal="regular"}

A confirmation dialog will appear. Select Confirm to finish removing the sandbox from the policy.

A sandbox's confirmation dialog with the Confirm option highlighted. {modal="regular"}

Activate a policy activate-policy

To activate an existing policy, select the policy from the Policies tab in Permissions. The policy’s activation status is visible under the Status section.

The policies workspace with a policy's status highlighted. {modal="regular"}

The policy’s details workspace will display. Select Activate.

The policy's detail workspace with the Activate option highlighted. {modal="regular"}

The Activate Policy dialog appears. Select Confirm to finish activating the policy.

The Activate Policy dialog with the Confirm option highlighted. {modal="regular"}

Next steps

With a policy activated, you can proceed to the next step to manage permissions for a role.

recommendation-more-help

631fcab2-5cb1-46ef-ba66-fe098ac723e0