uipath-gov-access-policy
UiPath Access Policy Governance
Preview — skill is under active development; surface and behavior may change.
Skill for authoring UiPath access policies of type ToolUsePolicy via the uip gov access-policy CLI. The ToolUsePolicy type governs tool-use / resource-use inside Agents and workflow automations: when an Actor Process tries to invoke a child Resource/Tool, the policy decides whether the call is allowed. The uip gov access-policy surface returns other policy types as well, but they are out of scope for this skill.
Scenario this skill governs
When an Actor Process (an executable workflow — Maestro, Flow, Case Management, or Agent) invokes a child Resource/Tool (another Agent, Maestro, Flow, Case Management, API Workflow, or RPA) as a tool use, the PDP evaluates every applicable access policy and returns an aggregate Allow / Deny decision. This skill authors those policies.
A policy decides its per-call outcome from three rule blocks — Selection Rule (selectors[]), Actor Process Rule (executableRule), and Actor Identity Rule (actorRule). See Key Concepts § The three rule blocks for the full structural shape and constraints.
Evaluation flow for a single tool-use request:
- PDP selects every policy whose Selection Rule matches the Resource/Tool.
- For each selected policy, the PDP evaluates its Actor Process Rule AND Actor Identity Rule against the request. Both pass ⇒ the policy contributes Allow; otherwise it does not contribute (no-match).
- Aggregation: if any non-simulated policy contributes Allow, the final enforcement is Allow. Otherwise the request falls through to the runtime default (Deny/NoOp). enforcement: "Deny" is not authorable — Deny is the runtime default when no Allow policy matches (Critical Rule #2).
- Policies with status: "Simulated" are evaluated but excluded from aggregation (see Key Concepts § Enforcement and status).
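The evaluation flow above, modelled in Python as an added example (not UiPath code and not part of the original skill). It assumes each rule block can be reduced to a set of accepted names; the policy, resource, process and identity names and the "NotSimulated" status value are constructed placeholders.

```python
from dataclasses import dataclass

# Assumption: the real selectors[], executableRule and actorRule structures
# are richer; here each rule block is reduced to a set of accepted names.
@dataclass
class Policy:
    name: str
    selectors: set              # Resource/Tool names the Selection Rule matches
    executable_rule: set        # Actor Processes the Actor Process Rule accepts
    actor_rule: set             # identities the Actor Identity Rule accepts
    status: str = "NotSimulated"  # placeholder; the page only names "Simulated"

@dataclass
class Request:
    resource: str
    actor_process: str
    actor_identity: str

def evaluate(policies, req):
    """Return (decision, enforcing, simulated) for one tool-use request."""
    enforcing, simulated = [], []
    for p in policies:
        # Step 1: only policies whose Selection Rule matches are considered.
        if req.resource not in p.selectors:
            continue
        # Step 2: both rule blocks must pass, otherwise the policy is a no-match.
        process_ok = req.actor_process in p.executable_rule
        identity_ok = req.actor_identity in p.actor_rule
        if not (process_ok and identity_ok):
            continue
        # Simulated policies are evaluated but kept out of aggregation.
        (simulated if p.status == "Simulated" else enforcing).append(p.name)
    # Step 3: any non-simulated Allow wins; otherwise the runtime default
    # applies (the page calls it Deny/NoOp, modelled here as "Deny").
    decision = "Allow" if enforcing else "Deny"
    return decision, enforcing, simulated

# Constructed sample policies.
POLICIES = [
    Policy("allow-invoice-agent", {"InvoiceApi"}, {"InvoiceAgent"}, {"svc-finance"}),
    Policy("trial-hr-flow", {"HrRpa"}, {"HrFlow"}, {"svc-hr"}, status="Simulated"),
]

if __name__ == "__main__":
    for r in (Request("InvoiceApi", "InvoiceAgent", "svc-finance"),
              Request("InvoiceApi", "InvoiceAgent", "svc-hr"),
              Request("HrRpa", "HrFlow", "svc-hr")):
        print(r, "->", evaluate(POLICIES, r))
```

The third request shows the case worth checking before promoting a policy: a Simulated policy that would allow the call still results in Deny until its status changes.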
Terminology. A Governance Access Policy is the broad category — uip gov access-policy can list, get, evaluate, or delete policies of multiple types. This skill authors the ToolUsePolicy type, which gates resource-vs-executable tool use. Access policies are distinct from Automation Ops Governance Policies (product runtime / design-time behavior for Studio, StudioX, Assistant, Robot, AI Trust Layer, …), handled by the sibling uipath-gov-aops-policy skill. For product settings, route there.