Decision Nodes
Deploy policy decision points for real-time authorization
Decision Nodes are the runtime component of Denied Platform. They evaluate authorization requests against your policies in real-time, returning allow or deny decisions to your applications. This guide covers setup, configuration, and integration.
Overview
A Decision Node is a server that:
- Pulls policies from your Denied project (as OPA bundles)
- Receives authorization requests from your applications
- Evaluates requests against loaded policies using OPA
- Returns allow/deny decisions
- Logs decisions for monitoring and audit
┌─────────────┐ ┌─────────────┐ ┌─────────────┐
│ Your App │────▶│ Decision │────▶│ Denied │
│ │◀────│ Node │◀────│ Platform │
└─────────────┘ └─────────────┘ └─────────────┘
Request Evaluate Pull Policies
Response DecisionUsing the Playground
The Policy Playground in the dashboard sends requests to your configured Decision Node:
- Go to Governance → Playground
- Enter subject, action, and resource details
- Click Evaluate
- View the decision and matched rules
The Playground requires an active Decision Node. If you see errors, check that your Decision Node is running and the URL is correctly configured.
Monitoring
Decision Logs
When telemetry is enabled, all authorization decisions are logged. View them in:
- Go to Monitoring → Logs
- Filter by time period, effect (allow/deny), or search
- Click on entries to see full request details
Related
- Projects — Configure project settings
- Policies — Create authorization policies
- Testing Policies — Test in the Playground