Policy Simulator
The Simulator page lets you test policy evaluation without making real requests. It is available to superusers only.
Using the Simulator
- Select a user to simulate
- Enter an action (e.g., collections:read)
- Enter a resource (e.g., posts)
- Click Simulate
The simulator runs the full evaluation flow and shows:
- Result — whether the action would be allowed or denied
- Matched statements — which statements matched the action and resource, from which policies, and through which attachment path (direct, role, or group)
API Equivalent
The simulator uses the simulate endpoint under the hood:
```bash
curl -X POST http://localhost:8090/api/iam/simulate \
  -H "Content-Type: application/json" \
  -d '{"user_id": "USER_ID", "action": "collections:read", "resource": "posts"}'
```

TIP
Use the simulator to debug unexpected Deny results. The matched statements trace shows exactly which statement caused the denial and where it came from.
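
The following is an added example, not part of the project's own documentation: a regression check that replays a table of expected allow/deny decisions through the simulate endpoint shown above and reports every case where the simulated result differs. The user IDs, the `allowed` response field and the optional auth headers are assumptions, because this page does not document the response schema or how the request is authenticated.

```python
import json
import urllib.request

# Endpoint and request fields are the ones shown in the curl example above.
SIMULATE_URL = "http://localhost:8090/api/iam/simulate"

# Constructed expectations: (user_id, action, resource, should_be_allowed).
# The user ids are placeholders, not real accounts.
EXPECTATIONS = [
    ("USER_ID_EDITOR", "collections:read", "posts", True),
    ("USER_ID_EDITOR", "collections:delete", "posts", False),
    ("USER_ID_GUEST", "collections:read", "posts", False),
]


def build_request(user_id, action, resource, url=SIMULATE_URL, headers=None):
    """Build the same POST the curl example sends.

    The simulator is superuser-only; pass whatever auth header your
    deployment requires via `headers` (not shown on the page).
    """
    body = json.dumps({"user_id": user_id, "action": action, "resource": resource})
    merged = {"Content-Type": "application/json", **(headers or {})}
    return urllib.request.Request(url, data=body.encode(), headers=merged, method="POST")


def http_send(request):
    """Send the request and decode the JSON response body."""
    with urllib.request.urlopen(request, timeout=10) as resp:
        return json.load(resp)


def is_allowed(response):
    # ASSUMPTION: a boolean field named "allowed". Adjust to the real schema.
    # Any other shape raises, so a schema change cannot hide privilege drift.
    value = response["allowed"]
    if not isinstance(value, bool):
        raise ValueError(f"unexpected simulate response: {response!r}")
    return value


def check(expectations, send=http_send, headers=None):
    """Return every case whose simulated result differs from the expectation."""
    drift = []
    for user_id, action, resource, expected in expectations:
        actual = is_allowed(send(build_request(user_id, action, resource, headers=headers)))
        if actual != expected:
            drift.append({"user_id": user_id, "action": action, "resource": resource,
                          "expected": expected, "actual": actual})
    return drift
```

Call `check(EXPECTATIONS)` against a running instance after each policy change; a non-empty result lists the user, action and resource to re-run in the Simulator page to read the matched statements trace.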