Policy Rules

Policy rules let organization admins control tool usage across their team. Set up automatic blocks, approvals, or notifications based on tool actions and parameters.

Overview

Policy rules evaluate every tool call against your defined conditions. When a rule matches:

Action	Behavior
Block	Prevents the tool call from executing
Require Approval	Queues for admin approval before executing
Notify	Executes but sends alert to admins
Log Only	Executes with enhanced audit logging

Creating a Policy Rule

1. Go to Admin → Policy Rules

   Navigate to switchboard.fpdigital.ai/admin/policies

2. Click “Create Rule”

3. Define conditions

   Select what triggers the rule (service, tool, parameters)

4. Set the action

   Choose block, require approval, notify, or log only

5. Activate the rule

Condition Types

Service-Level

Apply to all tools within a service:

condition:
  service: quickbooks
action: require_approval
reason: "Financial data access requires approval"

Tool-Level

Apply to specific tools:

condition:
  tool: gmail_send
action: notify
reason: "External email sent"

Parameter-Based

Apply based on tool parameters:

condition:
  tool: slack_send_message
  parameters:
    channel_contains: "external"
action: require_approval
reason: "Messages to external channels need approval"

Example Policies

Block Sensitive Financial Operations

name: Block Financial Deletes
condition:
  service: quickbooks
  tool_pattern: "*delete*"
action: block
reason: "Deletion of financial records is not permitted"

Require Approval for External Communication

name: External Email Approval
condition:
  tool: gmail_send
  parameters:
    to_domain_not: "yourcompany.com"
action: require_approval
reason: "External emails require manager approval"

Notify on Large Data Exports

name: Large Export Alert
condition:
  tool: drive_export
  parameters:
    result_count_gt: 100
action: notify
reason: "Large data export detected"

Rule Priority

Rules are evaluated in order of specificity:

1. Exact tool match — Most specific
2. Tool pattern match — *delete*, *send*
3. Service-level — Applies to entire service
4. Global — Applies to all tools

The first matching rule is applied. Place more specific rules before general ones.

Approval Workflow

When a tool call requires approval:

1. User initiates tool call
2. Fp Switchboard queues the request
3. Admin receives notification
4. Admin reviews in dashboard
5. Admin approves or denies
6. User receives result (or denial notice)

Note

Pending approvals expire after 24 hours by default. Configure this in organization settings.

Managing Rules

Viewing Active Rules

Go to Admin → Policy Rules to see all rules with:

• Rule name and description
• Trigger count (how often it’s matched)
• Last triggered timestamp
• Status (active/paused)

Editing Rules

1. Click on a rule
2. Modify conditions or actions
3. Save changes

Changes take effect immediately.

Pausing vs Deleting

• Pause — Temporarily disables the rule, keeps history
• Delete — Permanently removes the rule and its history

Audit Integration

All policy rule evaluations are logged:

{
  "timestamp": "2024-01-15T10:30:00Z",
  "user": "user@company.com",
  "tool": "gmail_send",
  "rule_matched": "External Email Approval",
  "action_taken": "require_approval",
  "status": "pending"
}

View these logs in Admin → Audit Logs, filtered by “Policy Events”.

Best Practices

1. Start with notify — Observe patterns before blocking
2. Document reasons — Clear explanations help users understand restrictions
3. Review regularly — Adjust rules based on actual usage patterns
4. Test rules — Use a test account to verify rules work as expected
5. Layer rules — Combine general and specific rules for flexibility