What Is an Authorization Policy?
An authorization policy is a rule set that controls service-to-service access in a mesh, granting or denying requests based on the callers verified identity, source, method, and path. It builds on the strong identity that mutual TLS provides. Policies can default to deny, so only explicitly allowed traffic flows.
Why it matters
Authorization policies enforce least-privilege between services, so a compromised workload cannot freely call everything. They turn network identity into access control.
Related guides
What Is Peer Authentication?Peer authentication configures whether workloads must use mutual TLS for inbound traffic, setting the identit…
What Is Service Mesh mTLS?Service mesh mTLS is automatic mutual TLS between workloads, where the mesh sidecars encrypt and authenticate…
What Is Network Segmentation?Network segmentation divides a network into isolated zones with controlled traffic between them, limiting how…