Agentic AI Governance

Coming VERY Soon to Keeper EPM!

Agentic Access Policy JSON Example

{
  "PolicyId": "local-test-agentic-access-operator-approval-any-app-ai50-001",
  "PolicyName": "LOCAL TEST – AgenticAccess OPERATORAPPROVAL for any app with AI ≥ 50%",
  "PolicyType": "AgenticAccess",
  "Status": "enabled",
  "Actions": {
    "OnSuccess": { "Controls": ["OPERATORAPPROVAL"] },
    "OnFailure": { "Command": "deny" }
  },
  "NotificationMessage": "Local test – any application with high AI likelihood requires operator approval (agentic access).",
  "NotificationRequiresAcknowledgement": false,
  "RiskLevel": null,
  "Operator": "And",
  "Rules": [
    {
      "RuleName": "UserCheck",
      "ErrorMessage": "User not in policy",
      "RuleExpressionType": "BuiltInAction",
      "Expression": "CheckUser()"
    },
    {
      "RuleName": "ApplicationCheck",
      "ErrorMessage": "Application not in policy",
      "RuleExpressionType": "BuiltInAction",
      "Expression": "CheckFile(false)"
    }
  ],
  "UserCheck": ["*"],
  "MachineCheck": ["*"],
  "ApplicationCheck": ["*"],
  "DayCheck": [],
  "DateCheck": [],
  "TimeCheck": [],
  "CertificationCheck": [],
  "Extension": {
    "pendingControlsJobId": "agentic-policy-controls",
    "agenticOverlay": true,
    "minAiLikelihoodPercent": 50,
    "grantDurationOptions": [60, 240]
  }
}

If grantDurationOptions is omitted, the grant will only be extended for the immediate request.

Last updated 18 days ago

{
  "PolicyId": "local-test-agentic-access-operator-approval-any-app-ai50-001",
  "PolicyName": "LOCAL TEST – AgenticAccess OPERATORAPPROVAL for any app with AI ≥ 50%",
  "PolicyType": "AgenticAccess",
  "Status": "enabled",
  "Actions": {
    "OnSuccess": { "Controls": ["OPERATORAPPROVAL"] },
    "OnFailure": { "Command": "deny" }
  },
  "NotificationMessage": "Local test – any application with high AI likelihood requires operator approval (agentic access).",
  "NotificationRequiresAcknowledgement": false,
  "RiskLevel": null,
  "Operator": "And",
  "Rules": [
    {
      "RuleName": "UserCheck",
      "ErrorMessage": "User not in policy",
      "RuleExpressionType": "BuiltInAction",
      "Expression": "CheckUser()"
    },
    {
      "RuleName": "ApplicationCheck",
      "ErrorMessage": "Application not in policy",
      "RuleExpressionType": "BuiltInAction",
      "Expression": "CheckFile(false)"
    }
  ],
  "UserCheck": ["*"],
  "MachineCheck": ["*"],
  "ApplicationCheck": ["*"],
  "DayCheck": [],
  "DateCheck": [],
  "TimeCheck": [],
  "CertificationCheck": [],
  "Extension": {
    "pendingControlsJobId": "agentic-policy-controls",
    "agenticOverlay": true,
    "minAiLikelihoodPercent": 50,
    "grantDurationOptions": [60, 240]
  }
}