
What is a Policy?

A Policy is the rule set attached to a Safe. It decides how much friction a session needs and how much evidence VaultPAM should collect. The Policy layer is what turns a target into a controlled access path instead of a shared password.

The four main axes

  1. Approval gate - require one or more approvers before the session can start.
  2. Session recording - capture the session for audit and playback.
  3. Clipboard control - allow, deny, or restrict copy and paste.
  4. MFA step-up - require an additional authentication step at launch or before sensitive actions.

Who sets policy

Admins set policy on the Safe. Operators and evaluators experience the policy at launch time, but they do not author it. That separation keeps the configuration in the hands of the people who own the risk.

Why policy matters

Policy lets you shape the experience around the sensitivity of the target. A low-risk internal console may only need recording. A production domain controller may need approval, recording, clipboard restrictions, and step-up MFA. The same product can support both without changing the underlying Resource or Account.
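The contrast above, sketched as an added example (not VaultPAM code or its configuration schema): a launch-time check that combines the four axes into one allow/block decision plus the controls applied to the session. All class, field and function names are hypothetical, as is the assumption that a requester's own approval does not count toward the approval gate.

```python
from dataclasses import dataclass
from enum import Enum


class Clipboard(Enum):
    ALLOW = "allow"
    DENY = "deny"
    RESTRICT = "restrict"


@dataclass(frozen=True)
class Policy:
    """Hypothetical model of the four axes; not VaultPAM's schema."""
    approvers_required: int = 0
    record_session: bool = False
    clipboard: Clipboard = Clipboard.ALLOW
    mfa_step_up: bool = False


@dataclass(frozen=True)
class LaunchRequest:
    requester: str
    approved_by: frozenset = frozenset()
    mfa_fresh: bool = False  # step-up completed for this launch


def evaluate_launch(policy, req):
    """Return (allowed, blockers, session_controls) for one launch attempt."""
    blockers = []
    # Assumption: self-approval never counts toward the approval gate.
    approvals = len(req.approved_by - {req.requester})
    if approvals < policy.approvers_required:
        blockers.append(f"approval: {approvals}/{policy.approvers_required}")
    if policy.mfa_step_up and not req.mfa_fresh:
        blockers.append("mfa: step-up required")
    # Recording and clipboard do not gate the launch; they shape the session.
    controls = {"record": policy.record_session,
                "clipboard": policy.clipboard.value}
    return (not blockers, blockers, controls)


# Constructed policies mirroring the two targets described above.
INTERNAL_CONSOLE = Policy(record_session=True)
DOMAIN_CONTROLLER = Policy(approvers_required=1, record_session=True,
                           clipboard=Clipboard.RESTRICT, mfa_step_up=True)
```

The approval gate and MFA step-up act as launch blockers, while recording and clipboard control travel with the session once it starts, which is why the same request can launch immediately against one Safe and be held against another.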