Policies Overview
Policies Overview
Section titled “Policies Overview”dbward uses four policy types to control what happens when a database operation is requested. Each policy type answers a different question.
The four policies
Section titled “The four policies”| Policy | Question it answers | Configured in |
|---|---|---|
| Workflow | Who must approve this operation? | [[workflows]] |
| Execution Policy | What constraints apply during execution? | [[execution_policies]] |
| Result Policy | How long are results kept and who can access them? | [[result_policies]] |
| Notification Policy | Which webhooks fire for which events? | [[notification_policies]] |
Scoping model
Section titled “Scoping model”All policies are scoped by database × environment × operation:
[[workflows]]database = "app" # or "*" for all databasesenvironment = "production" # or "*" for all environmentsoperations = ["execute_dml"] # optional filterWhen multiple policies could match a request, dbward uses this priority:
- Exact database + exact environment
- Wildcard database + exact environment
- Exact database + wildcard environment
- Wildcard database + wildcard environment
Within the same specificity, policies with operations filter take priority over those without.
Fail-closed principle
Section titled “Fail-closed principle”If no workflow matches a request, it is rejected.
This means every (database, environment) pair that should accept operations must have at least one matching workflow — even if that workflow auto-approves everything.
# Allow all operations on development (no approval needed)[[workflows]]database = "*"environment = "development"# steps = [] means auto-approveOperations
Section titled “Operations”The five operation types that policies can filter on:
| Operation | Triggered by |
|---|---|
execute_select | SELECT, SHOW, EXPLAIN queries |
execute_dml | INSERT, UPDATE, DELETE, DDL |
migrate_up | dbward migrate up |
migrate_down | dbward migrate down |
migrate_status | dbward migrate status |
How policies interact
Section titled “How policies interact”When a request arrives:
1. SQL classification → Determine operation type (execute_select / execute_dml)2. Workflow matching → Find approval requirements3. Auto-approve check → Skip approval if risk is low enough4. Execution policy → Apply timeout, row limit, retry constraints5. Result policy → Determine retention and access rules6. Notification policy → Fire webhooks for relevant eventsSee also
Section titled “See also”- Workflows — configure approval requirements
- Auto-Approve — skip approval for safe queries
- Execution Policies — set timeouts and limits
- Result Policies — control result retention
- Notification Policies — configure event notifications