This powerful enhancement gives organizations granular control over user access and data visibility. Employees will seamlessly interact with only the requests, dashboards,  and data relevant to their roles, enhancing security, compliance, and operational efficiency.

1. Go to the new "Policy Management" tile under Access Management (available only to admins with the Manage Access Policies privilege)
2. Click “Create Policy”
3. Enter a Policy Name and Policy Description to define the purpose of the policy.
4. Under Rules, select: 
   1. Rule Set Type (defines the area of the system the rule applies to, e.g., Insights, Requests).
   2. Privilege Type (determines the access level and data restrictions that apply to a user)
      View Insights: Controls the data a user can see within Insights.
      Access Reporting Insights: Restricts which dashboards a user can view within Insights.
      View All Requests: Limits the data visible in the "View All Requests" table.
      Request Tiles: Defines which request types a user is allowed to submit.
5. Add Conditions to specify how data or access should be restricted.
   For example, you could create two conditions: 
   1. Restrict Reporting Insights so a user can only see COI requests where the submitter’s country is Canada. 
   2. Then, restrict View All Requests so a user can only see COI requests where the submitter’s country is Canada. 
6. Click “Submit Policy.”
7. After saving, the Users tab will open, allowing you to search for and manually select users who should be assigned the policy.
   Note: Currently, rules cannot be automatically assigned to users in a particular group (e.g., all users in the Finance department). Admins must manually add any new users who should be assigned the policy.
8. Click “Save User Assignment(s).”

Now, the users assigned to this particular policy will only be able to view COI request data within Reporting Insights and View All Requests where the submitter’s country is Canada.  Note: "Canada" is based on the submitter’s country at the time the request was last submitted or reassigned to a new submitter.