The policy service allows to break a search in the partition
We've figured out that uploading a policy rule that blocks all searches in the tenant is possible. Policy service for such cases doesn't provide any tools for verification of the new rule, troubleshooting the existing rules, or rollback of the applied rules. That leads to potential issues with any new production environments. Please consider the following solutions:
- Add to the policy service a checker for new rules
- Add a history for all applied rules with rollback options
- disable creating/updating policy rules via API and delegate it on the infrastructure level (as legal service uses)
I really appreciate any other options that allow us to manage policy service in the production environment