Policy Workbench & Simulation Panel: Granular View / Access Control

Enable granular, role-based access control for the Policy Workbench and Policy Simulation Panel, allowing non-account (non-root) administrators to:

  • View policy sampling results on a per-policy basis

  • Access sampled input data (where permitted)

  • Have read-only access to the Policy Simulation Panel

Doc referenced:

https://docs.spacelift.io/concepts/policy#is-policy-sampling-safe

Requested Enhancement

Introduce granular RBAC controls for policy-related tooling, such as:

  1. Per-Policy Sampling Access

    • Ability to grant sampling visibility on a per-policy basis.

    • Scoped access tied to specific policies, stacks, or spaces (if applicable).

  2. Read-Only Policy Simulation Access

    • Allow designated roles to:

      • View policy code

      • View simulation inputs and outputs

      • View sampling results

    • Without:

      • Editing policies

      • Modifying sampling settings

      • Gaining root-level privileges

  3. Role-Based Controls

    • New permission(s), e.g.:

      • policy:read_simulation

      • policy:read_sampling

    • Assignable to custom roles.

Workaround
-
Problem
-

Status

❌ Rejected

Board

💡 Feature Requests

Tags

Access Control

Date

1 day ago
