1
Intake
Capture the request, object type, source connector, requester, and review mode.
policy_alert Security Governance
Policy Engine
The policy engine is the decision layer for DAMA. It evaluates request risk, review mode, separation-of-duties, and connector health before a request moves into provisioning.
Auto review
Manual review
Exception blocks
Provisioning handoff
Requests evaluated
—
Auto Review Rate
—
Open Exceptions
—
SoD Blocks
—
Policy Decision Queue
Requests that were evaluated, routed, or blocked by the engine before provisioning.
| Request | Object | Risk | Review Mode | Decision | Policy Note |
|---|---|---|---|---|---|
Loading live policy decisions... |
|||||
Policy Evaluation Flow
The engine normalizes the request, evaluates the controls, and sends reviewed requests to provisioning.
2
Evaluate
Check risk, SoD, owner coverage, expiration, and connector health before the request moves forward.
3
Decide
Route the request to auto review, manual review, or a hard block when a policy is violated.
4
Provision
Reviewed requests are handed off to the provisioning queue and executed by the worker service.
5
Reconcile
Store the result, track retries, and write the audit evidence back into the workflow record.
Any request that cannot satisfy the policy rules should stay out of the provisioning queue until it is reviewed or corrected.
Active Rule Set
Policy rules currently shaping review and provisioning decisions.
Birthright access
Auto
Low-risk onboarding requests from HR can auto-clear when the manager and department are present.
Privileged groups
Manual
Tier 0, admin, and broad-access groups require manual review and a named owner.
Separation of duties
Block
Requests that combine requester, decision authority, and fulfillment rights are blocked until an exception is granted.
Connector health
Hold
If the downstream worker or connector is degraded, requests stay in review or retry instead of queueing blindly.
Temporary access
Expire
Short-lived elevated access must have an expiry, review date, and a clear rollback path.
Exceptions & Escalations
Requests that need a human decision, policy override, or retry.
Loading live exceptions...
Decision Mix
How the engine is classifying requests across the current review window.
Auto-reviewed—
Waiting for live policy data.
Manual review—
Waiting for live policy data.
Blocked—
Waiting for live policy data.
Retry pending—
Waiting for live policy data.