Enforcement Levels

Enforcement levels are a first class concept in Sentinel allowing pass/fail behavior to be associated separately from the policy logic. This enables any policy to be a warning, allow overrides, or be absolutely mandatory. Because this level is not part of the policy body itself, different uses of the same policy can have different enforcement levels.

Sentinel has three enforcement levels:

• Advisory: The policy is allowed to fail. However, a warning should be shown to the user or logged. Advisory is the default enforcement level.

• Soft Mandatory: The policy must pass unless an override is specified. The semantics of "override" are specific to each Sentinel-enabled application. The purpose of this level is to provide a level of privilege separation for a behavior. Additionally, the override provides non-repudiation since at least the primary actor was explicitly overriding a failed policy.

• Hard Mandatory: The policy must pass no matter what. The only way to override a hard mandatory policy is to explicitly remove the policy. It should be used in situations where an override is not possible.

Configuring Enforcement Levels

Enforcement levels are configured when a policy is deployed to a Sentinel-enabled application. The exact mechanism that the level is specified is determined by each application. Please reference the documentation for your Sentinel-enabled application for more information.

Enforcement levels are not configured and are not known by the policy body itself. All policies should be written to describe exactly the behavior they're attempting to control. For example, a policy that restricts deploys to business hours should be written exactly like so. When that policy is configured on an application, the operator may specify that it is advisory, soft, or hard mandatory.