Authorization
Policies
3 min read·Updated Apr 29, 2026
The Policies page (under Authorization → Manage) holds reusable bundles of permissions. Roles attach policies to compose effective access — and the same policy can attach to many roles, so editing it once updates every role that uses it.
# Create a policy
curl -X POST https://your-app.authaz.io/api/v1/applications/{appId}/policies \
-H "X-API-Key: $AUTHAZ_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"name": "Invoices Writer",
"description": "Create, read, update, and send invoices.",
"permissions": [
"invoices:create",
"invoices:read",
"invoices:update",
"invoices:send"
]
}'The dashboard lists every policy with its name, description, permission count, and the number of roles it's attached to.
What's in a policy#
- name and description — what shows up in the role editor when you're picking what to attach.