§ 07 · PEP — The enforcement layer
Where decisions become actions

Embedded in every page, on every action.

The system feels responsive and natural. Authorized actions work instantly. Unauthorized actions are blocked with a clear explanation — no cryptic errors.

On page load Page · Authorize

Can you even see this page?

A trader opens Finance Trading. PEP checks the role. If denied, the trader sees the reason and how to resolve it — never a blank screen.

On action Action · Deny

Can you do this thing?

A trader clicks "Execute Trade." PEP routes the request through the PDP. If a policy denies, the trade does not execute — and the trader sees which policy blocked them.

On navigation Menu · Filter

Should you even know this exists?

Each employee sees only the pages their role permits. A trader never sees the HR Portal. An HR specialist never sees the trading dashboard.

Previous06 · PDP — The policy engine