hashicorp · trujillo-adam · Apr 3, 2026 · Apr 3, 2026 · Apr 3, 2026 · Apr 3, 2026
@@ -42,6 +42,7 @@ The following table summarizes the available organization-level permission categ
 | [Settings permissions](#settings-permissions) | Control access to governance and infrastructure tools. |
 | [Private registry permissions](#private-registry-permissions) | Control access to the organization's private registry. |
 | [Public registry permissions](#public-registry-permissions) | Control access to the public registry. |
+| [Policy overrides](#policy-overrides) | Controls teams’ ability to override failed policy checks for policies with an enforcement level set to **Soft mandatory**.   |
 
 ## Project permissions
 
@@ -214,7 +215,6 @@ The following permissions control access to governance and infrastructure tools.
 | Permission name | Description |
 |-----------------|-------------|
 | [Manage policies](#manage-policies) | Create, edit, read, list and delete Sentinel policies |
-| [Manage policy overrides](#manage-policy-overrides) | Override soft-mandatory policy checks |
 | [Manage run tasks](#manage-run-tasks) | Create, edit, and delete run tasks |
 | [Manage version control settings](#manage-version-control-settings) | Manage VCS providers and SSH keys |
 | [Manage agent pools](#manage-agent-pools) | Create, edit, and delete agent pools |
@@ -229,12 +229,6 @@ This permission implicitly gives permission to read runs on all workspaces, whic
 
 Allows members to create, edit, and delete run tasks on the organization.
 
-### Manage policy overrides
-
-Allows members to override soft-mandatory policy checks.
-
-This permission implicitly gives permission to read runs on all workspaces, which is necessary to override policy checks.
-
 ### Manage VCS settings
 
 Allows members to manage the set of [VCS providers](/terraform/cloud-docs/vcs) and [SSH keys](/terraform/cloud-docs/vcs#ssh-keys) available within the organization.
@@ -321,6 +315,34 @@ Allow members to publish and delete providers for the organization in the public
 
 <!-- END: TFC:only name:public-registry -->
 
+## Policy overrides
+
+Policy override settings only apply to policies that have a **Soft mandatory** enforcement level. Refer to [Policy enforcement levels](/terraform/cloud-docs/policy-enforcement/manage-policy-sets#policy-enforcement-levels) for more information.
+
+| Permission name | Description |
+| --- | --- |
+| [No policy overrides](#no-policy-overrides) | Teams can’t override failed **Soft mandatory** policy evaluations. |
+| [Delegate policy overrides](#delegate-policy-overrides) | Allow project and workspace managers to grant override permissions for **Soft mandatory** policy evaluations. When this setting is enabled, the ability to override failed policy evaluations is disabled by default. Project and workspace managers must manually enable the **Allow policy overrides** setting in their projects and workspaces.  |
+| [Manage policy overrides](#manage-policy-overrides) | Team members can override failed **Soft mandatory** policy evaluations in all workspaces. |
+
+### No policy overrides 
+
+Teams can’t override failed **Soft mandatory** policy evaluations. 
+
+### Delegate policy overrides 
+
+Allow project and workspace managers to grant override permissions for **Soft mandatory** policy evaluations. When this setting is enabled, overriding failed policy evaluations is disabled by default. Project and workspace managers must manually enable the **Allow policy overrides** setting in their projects and workspaces. 
+
+Refer to the [projects](/terraform/cloud-docs/users-teams-organizations/permissions/project#policy-overrides) and [workspaces](/terraform/cloud-docs/users-teams-organizations/permissions/workspace#policy-overrides) team permission references for more information. 
+
+### Manage policy overrides 
+
+Team members can override failed **Soft mandatory** policy evaluations in all workspaces. 
+
+This setting also gives teams read access to all workspaces in the organization. To prevent read access, enable the [**Delegate policy overrides**](#delegate-policy-overrides) setting instead.
+
+Refer to the [projects](/terraform/cloud-docs/users-teams-organizations/permissions/project#policy-overrides) and [workspaces](/terraform/cloud-docs/users-teams-organizations/permissions/workspace#policy-overrides) team permission references for more information.  
+
 ## Organization owners
 
 <!-- BEGIN: TFC:only name:hcp-eu -->

@@ -218,6 +218,14 @@ Allows users to see teams assigned to the project for visible teams.
 
 Allows users to set or remove project permissions for visible teams. Project admins can not view or manage teams with **Visibility** set to **Secret** in their team settings unless they are also organization owners. Refer to [Team visiblity](/terraform/cloud-docs/users-teams-organizations/teams/manage#team-visibility) for more information.
 
+## Policy overrides 
+
+You can configure the following policy override settings for the project.
+
+### Allow policy overrides 
+
+Enable this setting to allow team members to override failed **Soft mandatory** policy evaluations in their project workspaces. Refer to [Policy overrides](/terraform/cloud-docs/users-teams-organizations/permissions/organization#policy-overrides) for more information.
+
 ## Run access
 
 The following table summarizes the available run access permissions for workspaces within the project.

@@ -148,6 +148,13 @@ Allows users to view the values of Terraform variables and environment variables
 
 Allows users to read and edit the values of variables in the workspace.
 
+## Policy overrides 
+
+You can configure the following policy override settings for the workspace.
+
+### Allow policy overrides 
+
+Enable this setting to allow team members to override failed **Soft mandatory** policy evaluations. The **Delegate policy override** setting must also be enabled for the team. Refer to [Policy overrides](/terraform/cloud-docs/users-teams-organizations/permissions/organization#policy-overrides) for more information.
 
 ## State access
 

@@ -63,7 +63,7 @@ You can set an enforcement level for each policy that determines what happens wh
 You can enable one of the following options to set the enforcement level when creating a Sentinel policy:
 
 - **Advisory:** Failed policies never interrupt the run. They provide information about policy check failures in the UI.
-- **Soft mandatory:** Failed policies stop the run, but any user with [Manage Policy Overrides permission](/terraform/cloud-docs/users-teams-organizations/permissions/organization#manage-policy-overrides) can override these failures and allow the run to complete.
+- **Soft mandatory:** Failed policies stop the run, but organization admins can configure the platform to allow team members to override failures so that runs can continue. Organization admins can either let all team members override **Soft mandatory** policy failures or delegate authority to project and workspace managers. Refer to [Policy overrides](/terraform/cloud-docs/users-teams-organizations/permissions/organization#policy-overrides) for more information.
 - **Hard mandatory:** Failed policies stop the run. Unless the set containing the policy is configured to [allow overrides](#allow-policy-level-overrides), Terraform does not apply runs until a user fixes the issue that caused the failure. 
 
 #### Allow policy level overrides