Write Complex Policies—Visually or in Code
Keymate's Expression Editor brings together the power of a custom DSL engine and the simplicity of visual editing—so both security teams and delegated admins can define precise, testable, and scoped authorization policies.
Fast, Safe, and Human-Readable Policy Authoring for All Teams
Why We Built a Dual-Mode Editor
IAM policies are too important to leave to raw code—or too constrained by visual-only tools. Keymate bridges both worlds with a secure, dual-mode editor built for real-world governance scenarios: Autocomplete and real-time validation. Sandbox execution for safe testing. Visual-to-DSL toggling without loss. Inline docs, i18n-supported tooltips, and versioning. Native understanding of session, org, tenant, risk, and data context. Compatible with OpenFGA and custom token/session enrichment.
Dual-Mode Policy Authoring
Secure, dual-mode policy editor that bridges visual simplicity with DSL power for enterprise governance scenarios.
Example: Visual editor and DSL engine working together seamlessly
Key Components:
Write Once, Understand Everywhere—Visual or Code
Whether you're a security engineer, tenant admin, or compliance officer, the editor adapts to your role: Visual mode offers no-code policy building with drag-and-drop conditions. DSL mode supports fine-grained logic with full control. Toggle anytime—the policy logic is preserved. Real-time simulation gives feedback before activation. Context-aware vocabulary ensures accurate and scoped decisions.
Adaptive Policy Editor Interface
Adaptive policy editing interface that preserves logic integrity while switching between visual and code modes.
Example: Role-based editing with visual-DSL synchronization
Key Components:
What Makes It Unique
Dual-Mode Authoring (Visual + DSL)
Switch freely between UI and code-based editing
Custom Keymate DSL Engine
Secure, extensible policy language with typed vocabulary for tokens, resources, sessions, tenants, organizations, user/org attributes, risk context, and data classifications
Autocomplete & Validation
Real-time suggestions, syntax checks, and inline docs
i18n Tooltips & Help
Language-aware support for global policy authors
Safe Sandbox Execution
Simulate access checks without touching live environments
Policy Diff & Versioning
Track changes and roll back with audit trail visibility
Environment Isolation
Author and test policies in Dev, Test, or Prod contexts
Debug-Friendly Simulation Panel
Input tokens and resource samples, trace match logic live
What Is Keymate DSL and Why It's Different?
Keymate DSL is a secure domain-specific language tailored for access control and built with extensibility in mind. It supports: token, resource, session context. tenant and organization scopes. Dynamic user attributes (e.g., user.region, user.clearance). Organization attributes (e.g., org.sensitivityLevel). Risk signals for RADAC (e.g., risk.score, session.ip). Data classification for DSAC (e.g., resource.pii, resource.owner). The vocabulary grows with your access model—ensuring secure, expressive, and testable policies across all environments.
Keymate DSL Architecture
Secure domain-specific language designed specifically for access control with extensible vocabulary that grows with your access model.
Example: Comprehensive policy language for modern IAM
Key Components:
Frequently Asked Questions
How to Use This Feature
Getting started with the visual expression editor and DSL support.