Assigning Access Policy Owners

Last updated: July 1, 2026

You can now assign an owner to each access policy: the person, or people, responsible for keeping it right. Until now, every policy sat with Admins, far from the people who actually know the access a given team or cohort needs. Now Access Policy ownership delegate that day-to-day responsibility to them while you keep control over publishing and activation. Owners edit the access in the policies they own; you handle everything else.

You'll see owners in the policy list and on the policy page.

When to assign an owner

  • You want the person who knows the team to own and maintain the access. A team lead or manager knows best what access their group needs. Hand them the policy that covers their people while admins keep ownership of conditions, publishing and activation.

  • You want fewer back-and-forths. Owners can edit the access in their policy and read the insights right on the page, instead of routing every change through Admins.

What an owner can and can't do

An owner can:

  • View and edit the access (apps and permissions) in policies they own, on both drafts and published policies.

An owner can't:

  • Edit the Conditions when an Access Policy applies

  • Publish a policy or make it active.

  • Rename a policy, or change its business justification.

  • Reassign ownership.

Assign an owner to a single policy

  1. Open the policy from Access Policies.

  2. Click on the Policy you want to Assign an Owner to

  3. You'll see the Policy Owner pre-populated with the Creator of the Policy

    image.png
  4. Click on the Owner to see a dropdown of options for Policy Owner

    image.png
  5. Add one or more users or groups as the owner. The owner field accepts individual users (one or more) and groups. You can set or change the owner both in the Draft and Published state of the Policy.

    image.png
  6. Click Confirm.

  7. Save the Policy.

Assign owners in bulk

  1. Go to Access Policies and open the Published or Drafts tab.

  2. Select the checkboxes next to the policies you want to update.

    image.png
  3. Click Assign Owners in the action bar.

    image.png
  4. Choose the users or groups to assign, then confirm.

    image.png
  5. Confirm

Existing policies and defaults

You don't need to migrate anything. New and existing policies default to their creator as the owner, so nothing starts unowned. Reassign any of them whenever you like.

Track owner changes

Lumos writes every ownership change to the Activity Log, and updates the policy's updated-at date when the owner changes.

image.png