Various systems and methods for dynamic access policy provisioning in a connected device framework are described herein. In an example, the techniques for policy provisioning may include resource update access policy automation, directory resource access policy automation, or hidden resources access policy automation, as monitored and operated with an access management service (AMS). In an example, the AMS monitors resources to receive a notification when they change (520). If the change observed is an addition or deletion of a resource object (530), the AMS responds by performing security analysis of devices hosting the new resource(s) (540), which may further result in device onboarding actions (550). The AMS may further respond by evaluating link semantics to determine which other devices and resources may need updated access control list (ACL) policies (560).