# Configuring Security Policies

## Overview

Security Policies in Welkin implement **Attribute-Based Access Control (ABAC)**, allowing administrators and implementers to define fine-grained rules that control what data users can access. Policies are configured in the Designer and applied to user roles.

For setup steps, see [Setup Security Policies](/designer/security/setup-security-policies.md). For a detailed policy rule reference, see [Security Policy Detail](/designer/security/security-policy-detail.md).

***

## What Security Policies Control

Security policies define access at the data level – not just which pages a user can see, but which specific records and fields they can access and which actions they can perform. For example:

* A care manager can only see patients assigned to their care team
* A supervisor can view all patients in their region
* An admin can view all patients across all regions

***

## Key Concepts

**Attributes** – properties used to evaluate access rules, such as:

* Patient region or territory
* Care team membership
* Program enrollment
* User role

**Rules** – conditions that must be true for access to be granted. Rules can combine multiple attributes using AND/OR logic.

**Scope** – whether the policy applies to individual records, all records of a type, or a filtered subset.
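
The following Python model is an added example, not Welkin's policy engine or Designer syntax: it evaluates attribute rules combined with AND/OR against patient records, treats missing attributes as a denial, and denies by default when a role has no policy. All function names, role keys, and sample records are assumptions constructed for illustration.

```python
# Conceptual ABAC model. Added example: not Welkin's engine or policy syntax.
# Every name below (attr_eq, all_of, POLICIES, ...) is hypothetical.
def attr_eq(user_key, patient_key):
    """Rule: user attribute equals patient attribute; a missing value denies."""
    def rule(user, patient):
        value = user.get(user_key)
        return value is not None and value == patient.get(patient_key)
    return rule

def member_of(user_key, patient_key):
    """Rule: user attribute appears in a patient's list attribute."""
    def rule(user, patient):
        value = user.get(user_key)
        return value is not None and value in patient.get(patient_key, ())
    return rule

def all_of(*rules):  # AND: every rule must hold
    return lambda user, patient: all(r(user, patient) for r in rules)

def any_of(*rules):  # OR: at least one rule must hold
    return lambda user, patient: any(r(user, patient) for r in rules)

# Policies attached to roles. The first three mirror the page's examples;
# "program_coordinator" is a constructed role that shows AND/OR composition.
POLICIES = {
    "care_manager": member_of("id", "care_team"),
    "supervisor": attr_eq("region", "region"),
    "admin": lambda user, patient: True,
    "program_coordinator": any_of(
        member_of("id", "care_team"),
        all_of(attr_eq("region", "region"), attr_eq("program", "program")),
    ),
}

def can_view(user, patient):
    """Default deny: a role with no attached policy grants nothing."""
    rule = POLICIES.get(user.get("role"))
    return rule is not None and rule(user, patient)

def visible_patients(user, patients):
    """Scope as a filtered subset: keep only records the rule allows."""
    return [p["id"] for p in patients if can_view(user, p)]

# Constructed sample records.
PATIENTS = [
    {"id": "p1", "region": "west", "program": "diabetes", "care_team": ["u1"]},
    {"id": "p2", "region": "west", "program": "cardiac", "care_team": ["u2"]},
    {"id": "p3", "region": "east", "program": "diabetes", "care_team": ["u2", "u4"]},
]
```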

***

## Applying Policies to Roles

Once a policy is created in the Designer:

1. Navigate to **Roles** in the Admin Portal or Designer.
2. Edit the relevant role.
3. Under **Security Policies**, attach the appropriate policy.
4. Publish the change.

Users assigned to that role will have their data access governed by the attached policy.

***

## Publishing

Security policy changes require a draft and publish cycle in the Designer before they take effect in the Care Portal.

***

## Related Topics

* [Setup Security Policies](/designer/security/setup-security-policies.md) – step-by-step configuration guide
* [Security Policy Detail](/designer/security/security-policy-detail.md) – detailed policy rule reference
* [Security Policies: Attribute Based Access Control](https://welkin-health-1.gitbook.io/welkin-health-docs/admin/security-policies) – ABAC overview in Admin
* [Defining Regions and Territories](/designer/security/defining-regions-and-territories.md) – region/territory attributes
* [Roles](https://welkin-health-1.gitbook.io/welkin-health-docs/care/roles) – user roles in Care


