Contact Us 1-800-596-4880
  1. Homepage
  2. Enhanced MuleSoft Experience
  3. Working with Governance Strategies

  4. Create Governance Strategies

Create Governance Strategies

Governance strategies define which services the system evaluates or enforces policy against and under what conditions. A Control strategy monitors compliance and can block noncompliant activity. An Automated Policy strategy enforces requirements at the gateway or runtime layer. You can create strategies if your tenant includes Governance and you have the required administrator role.

Before You Begin

Before getting started, make sure you have:

  • An Anypoint Platform account.

  • Any of these permissions:

    • API Governance: Governance Administrator

    • API Manager: Manage Policies

    For more information, see Enhanced Experience Permissions.

Also decide whether you need validation-only monitoring or active runtime enforcement. This choice determines the strategy type and the rules or policies to apply.

Open the Strategy Workflow

  1. Log in and go to Governance > Governance Strategies.

  2. Select Create Governance Strategy to start the setup flow.

The setup flow guides you through type, scope, rules or policies, and activation.

Select Strategy Type

Select from these types:

  • Controls validate targeted services against control rules. Use controls to monitor compliance and, when supported, block noncompliant activity.

  • Automated Policy enforces runtime policy requirements across targeted services.

Select the type that matches your governance objective, then proceed.

Define Governance Scope

Configure scope criteria to identify the services that the strategy governs. All criteria are combined to narrow the scope.

Set these filters:

Service Type

Select one or more service types to govern.

Tags

Select tags to include only services that match those tags.

Categories

Select categories to further narrow the scope.

Instances

Filter by instance status:

  • All APIs: Include all matching services regardless of instance status.

  • Include only APIs with instances: Include only services that have at least one associated instance.

  • Only APIs without instances: Include only services with no associated instances.

Use Preview Governed Scope to see which services currently match your criteria before you move forward.

Configure Rules or Policies

Depending on the strategy type, select the rules or policies the strategy enforces:

  • For Controls, select controls from the catalog available in your tenant.

  • For Automated Policy, define runtime details such as gateway runtime, endpoint type, and environment.

Available options depend on your earlier selections and your organization’s enabled products.

Name and Describe the Strategy

Enter a clear Strategy Name, such as "PCI Compliance Rules". Add a Description that states what the strategy enforces and why.

Review and Activate

Review your selections: strategy type, scope, rules or policies, and general information.

Select Create and Activate Strategy.

Strategies are active by default. To disable a strategy, go to Governance Strategies.

After Strategy Activation

  • The system evaluates services that match the scope against the rules or policies in the strategy.

  • For Controls, compliance status appears in conformance reports.

  • For Automated Policy, enforcement runs at the gateway or runtime layer.

  • Edit the strategy from Governance Strategies when scope, rules, or naming change.

Work with your governance lead if strategies affect production services or if rollout timing requires coordination.

See Also