Skip to main content

ACCESS_DENIED

Encountering an error? Get help with AI tools

Error Cause

The request was denied by the Gateway Policy . CloudBase evaluates the OPA authorization policy on every incoming request, making an allow/deny decision based on three categories of information: user identity, HTTP request, and environment context. If the policy evaluation results in deny = true or allow = false, the gateway rejects the request and returns this error.

Possible reasons include:

  1. A deny rule in the user policy explicitly matches the current request;
  2. The request does not satisfy the allow conditions in the user policy, and the platform default policy does not allow it either;
  3. The user is not logged in or the identity does not meet the policy requirements (e.g., the policy requires authenticated users);
  4. The request's source IP, path, or HTTP method is outside the scope allowed by the policy.

Solution

  1. Go to the Gateway Policy page to review the current policy configuration and adjust it according to your business requirements;
  2. For the platform default policy, refer to Appendix A: Platform Default Policy.