Overview

In Beehive various services consumes Policy framework to define policies. Records Management service creates policies to govern artifact lifecycle management; Audit service creates policies to audit the activity of the users based on certain criteria. As more and more types of policies getting created, we have a need to classify the policies so that we can have the ability to slice the policies by type.
We can also enforce different access control requirement for each type of policies if service decide do so. This way we can let different service administrators to manage different set of policies. This will also satisfy the requirement if the services have specific UI to manage the policies and they do not want generic policy UI to manage those policies.
We will let the services to define new policy types and provide the privilege need to be checked to manage the policies of that type. If the services do not provide the privilege, then any user who has "POLICY_MGR" privilege can manage those policies.
All the policy objects including Policy Action, policy schema, policy template and Policy will have an extra attribute policy type. Policies can be created either from policy schema or can be directly created with rules without using policy schema. Policy actions are seeded out of the box and each of the action belongs to specific type.
Here are the certain rules applied if you define the policy objects of a specific policy Type:

• If you are defining policy schema, all the rule definitions of the schema should be using the policy action of the same type.
• If you are defining the Policy without using the policy schema, all the rules should be using the policy action of the same type.