here is a little RFC for a Policy.yaml backend module.
Your comments and ideas are very welcome!
Currently it is hard to find out what do you can do with the Policy.yaml. You have to know what you can use as a matcher and so on.
What we plan to do is to create a new little backend module to generate a Policy.yaml. This backend module should be a part of a new Flowpack-Package (e.g. Flowpack.Neos.Security)
With the module, it should be possible to build the Policy.yaml with a form.
Here is a screenshot how it could look like:
We have already begun to implement the package: