Creating an Authorization Rule

A rule expresses who can perform which action on which resource, optionally under which conditions.
To simplify rule creation, the platform provides:

  • A natural language editor
  • Automatic semantic parsing
  • Entity and attribute auto-detection
  • Generation of equivalent Cedar and Rego policies
  • Validation against your organization’s data model

This workflow eliminates the need to manually write low-level policy code.


The first step is writing the rule using free-form text.
The platform interprets your input using its semantic parser.

A developer can access a repository if at least one of the following conditions is met:

  • they are the owner of the repository
  • they belong to the same team or department as the repository owner

While natural language is flexible, the platform performs best when your rule clearly expresses:

  • Principal (the subject)
  • Action
  • Resource
  • Conditions (optional)

Examples:

  • “Managers can approve expense reports.”
  • “Any user may read documents in the public folder.”
  • “Data Stewards can update datasets if they belong to the same department.”

You are not required to reference technical identifiers; the platform resolves human-friendly labels to the underlying entity and attribute IDs.


Once you submit the natural-language description, Big ACL:

  1. Parses the sentence to detect roles, actions, and resource types.
  2. Matches detected terms to your organization’s canonical data model (entities, attributes, actions).
  3. Identifies conditions, relational patterns, and comparisons (e.g., team equality, ownership checks).
  4. Builds a structured representation of the rule and displays the extracted components.

After extracting the rule structure, Big ACL automatically generates policy code in several formats.

For the rule "Doctors can read and update medical records if they belong to the same hospital", the generated Cedar policy is:

    permit(
        principal is Doctor,
        action in [Action::"READ", Action::"UPDATE"],
        resource is MedicalRecord
    )
    when {
        principal.hospital == resource.hospital
    };
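The following is an added illustration, not Big ACL's code and not a Cedar or Rego engine: a small deny-by-default evaluator for rules in the principal / action / resource / conditions shape that the parsing steps above extract. It encodes both the repository rule ("at least one of the following conditions", so the conditions are OR-ed) and the Doctor / MedicalRecord policy (hospital equality), and evaluates them against constructed entities. All entity names, attribute keys and action names are assumptions for the example.

```python
"""Deny-by-default evaluator for rules shaped as principal / action / resource /
conditions. Added illustration only: not Big ACL's code and not a Cedar or Rego
engine. Every entity, attribute and action name below is constructed."""
from dataclasses import dataclass, field
from typing import Callable, Dict, Tuple


@dataclass(frozen=True)
class Entity:
    type: str                      # entity type, e.g. "Developer" or "Repository"
    id: str
    attrs: dict = field(default_factory=dict)


# A condition sees the principal, the resource, and the entity directory
# (needed when a condition refers to a related entity such as the owner).
Condition = Callable[[Entity, Entity, Dict[str, Entity]], bool]


@dataclass(frozen=True)
class Rule:
    principal_type: str
    actions: frozenset
    resource_type: str
    conditions: Tuple[Condition, ...] = ()   # empty tuple = unconditional permit


def is_authorized(rules, principal, action, resource, directory) -> bool:
    """Permit only if some rule matches on principal type, action and resource
    type and, when the rule has conditions, at least one of them holds.
    Anything not explicitly permitted is denied."""
    for rule in rules:
        if principal.type != rule.principal_type or resource.type != rule.resource_type:
            continue
        if action not in rule.actions:
            continue
        if rule.conditions and not any(c(principal, resource, directory) for c in rule.conditions):
            continue
        return True
    return False


def _same_attr(a: Entity, b: Entity, key: str) -> bool:
    """Equality on an attribute that must be present on both sides: two missing
    values must not compare equal, or an unlabelled record would match everyone."""
    va, vb = a.attrs.get(key), b.attrs.get(key)
    return va is not None and va == vb


# Conditions for "a developer can access a repository if ..."
def owns_repository(p, r, directory):
    return r.attrs.get("owner") == p.id


def shares_team_or_department_with_owner(p, r, directory):
    owner = directory.get(r.attrs.get("owner"))
    if owner is None:            # owner not resolvable: the condition fails closed
        return False
    return _same_attr(p, owner, "team") or _same_attr(p, owner, "department")


# Condition for the Doctor / MedicalRecord policy (principal.hospital == resource.hospital)
def same_hospital(p, r, directory):
    return _same_attr(p, r, "hospital")


REPOSITORY_ACCESS = Rule("Developer", frozenset({"access"}), "Repository",
                         (owns_repository, shares_team_or_department_with_owner))
MEDICAL_RECORD_ACCESS = Rule("Doctor", frozenset({"READ", "UPDATE"}), "MedicalRecord",
                             (same_hospital,))
POLICIES = (REPOSITORY_ACCESS, MEDICAL_RECORD_ACCESS)

# Constructed sample entities (hypothetical names and attributes).
ALICE = Entity("Developer", "alice", {"team": "payments", "department": "engineering"})
BOB = Entity("Developer", "bob", {"team": "platform", "department": "engineering"})
CAROL = Entity("Developer", "carol", {"team": "growth", "department": "marketing"})
BILLING_REPO = Entity("Repository", "billing-svc", {"owner": "alice"})
ORPHAN_REPO = Entity("Repository", "legacy-tool", {"owner": "departed-user"})
DR_LEE = Entity("Doctor", "lee", {"hospital": "north"})
DR_PATEL = Entity("Doctor", "patel", {"hospital": "south"})
NURSE_KIM = Entity("Nurse", "kim", {"hospital": "north"})
RECORD_1 = Entity("MedicalRecord", "rec-1", {"hospital": "north"})
RECORD_UNLABELLED = Entity("MedicalRecord", "rec-2", {})
DIRECTORY = {e.id: e for e in (ALICE, BOB, CAROL, BILLING_REPO, ORPHAN_REPO,
                                DR_LEE, DR_PATEL, NURSE_KIM, RECORD_1, RECORD_UNLABELLED)}


def decide(principal, action, resource) -> bool:
    return is_authorized(POLICIES, principal, action, resource, DIRECTORY)


if __name__ == "__main__":
    for p, a, r in [(ALICE, "access", BILLING_REPO), (BOB, "access", BILLING_REPO),
                    (CAROL, "access", BILLING_REPO), (DR_LEE, "READ", RECORD_1),
                    (DR_PATEL, "UPDATE", RECORD_1), (NURSE_KIM, "READ", RECORD_1)]:
        print(f"{p.type} {p.id} {a} {r.id}: {'PERMIT' if decide(p, a, r) else 'DENY'}")
```

Two details are worth carrying over into any generated policy: the conditions of one rule are combined with OR because the source sentence says "at least one of the following", and attribute comparisons fail closed when either side lacks the attribute, so a record with no hospital set never matches a doctor who also has none, and a repository whose owner cannot be resolved grants nothing through the team/department clause.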