The policies resource allows you to manage and apply policies to your data sources. The endpoints and examples provided in this guide are specific to creating global write policies.
POST /dataSource/{dataSourceId}/access
Manually grants write access to a user.
curl -X 'POST' \
  'https://www.organization.immuta.com/dataSource/6/access' \
  -H 'accept: application/json' \
  -H 'Content-Type: application/json' \
  -H 'Authorization: 846e9e43c86a4ct1be14290d95127d13f' \
  -d '{
    "profileId": 3,
    "state": "subscribed",
    "accessGrant": "WRITE"
  }'
{
  "isSubscriptionOverride": true,
  "id": 23,
  "modelId": "6",
  "modelType": "datasource",
  "state": "subscribed",
  "metadata": {},
  "admin": 2,
  "denialReasoning": null,
  "profile": 3,
  "group": null,
  "policy": false,
  "expiration": null,
  "acknowledgeRequired": false,
  "createdAt": "2023-10-11T14:43:00.726Z",
  "updatedAt": "2023-10-11T14:43:00.726Z",
  "accessGrant": "WRITE",
  "approved": true
}
Creates a global policy.
The example below grants write access to users with the attribute has.write and applies the global policy to all data sources.
curl -X 'POST' \
  'https://www.organization.immuta.com/policy/global' \
  -H 'accept: application/json' \
  -H 'Content-Type: application/json' \
  -H 'Authorization: 846e9e43c86a4ct1be14290d95127d13f' \
  -d '{
    "type": "subscription",
    "name": "Allow users with specific entitlements to have write access",
    "actions": [{
      "type": "subscription",
      "subscriptionType": "policy",
      "accessGrant": "WRITE",
      "exceptions": {
        "operator": "and",
        "conditions": [{
          "type": "authorizations",
          "authorization": {
            "auth": "has",
            "value": "write"
          }
        }]
      }
    }],
    "staged": false
  }'
The example below grants users write access when they are individually selected by data owners and applies the policy to data sources with columns tagged Discovered.Person Name.
curl -X 'POST' \
  'https://www.organization.immuta.com/policy/global' \
  -H 'accept: application/json' \
  -H 'Content-Type: application/json' \
  -H 'Authorization: 846e9e43c86a4ct1be14290d95127d13f' \
  -d '{
    "type": "subscription",
    "name": "Data owners grant specific users write access",
    "actions": [{
      "type": "subscription",
      "subscriptionType": "manual",
      "accessGrant": "WRITE"
    }],
    "staged": false,
    "circumstances": [{
      "type": "columnTags",
      "columnTag": {
        "name": "Discovered.Person Name",
        "displayName": "Discovered . Person Name",
        "hasLeafNodes": false
      }
    }]
  }'
Basic example, followed by the complex example:
{
  "policyKey": "Manual global write policy",
  "name": "Manual global write policy",
  "type": "subscription",
  "template": true,
  "staged": false,
  "systemGenerated": false,
  "deleted": false,
  "certification": null,
  "actions": [
    {
      "type": "subscription",
      "accessGrant": "WRITE",
      "description": null,
      "allowDiscovery": false,
      "subscriptionType": "manual",
      "shareResponsibility": false,
      "automaticSubscription": false
    }
  ],
  "circumstances": null,
  "metadata": null,
  "clonedFrom": null,
  "createdBy": 2,
  "id": 4,
  "createdAt": "2023-10-10T13:18:37.270Z",
  "updatedAt": "2023-10-10T13:18:37.270Z",
  "createdByName": "Taylor",
  "ownerRestrictions": null
}
{
  "policyKey": "Manual global write policy",
  "name": "Manual global write policy",
  "type": "subscription",
  "template": true,
  "staged": false,
  "systemGenerated": false,
  "deleted": false,
  "certification": null,
  "actions": [
    {
      "type": "subscription",
      "accessGrant": "WRITE",
      "description": null,
      "allowDiscovery": false,
      "subscriptionType": "manual",
      "shareResponsibility": false,
      "automaticSubscription": false
    }
  ],
  "circumstances": [{
    "type": "columnTags",
    "columnTag": {
      "name": "Discovered.Person Name",
      "displayName": "Discovered . Person Name",
      "hasLeafNodes": false
    }
  }],
  "metadata": null,
  "clonedFrom": null,
  "createdBy": 2,
  "id": 4,
  "createdAt": "2023-10-10T13:18:37.270Z",
  "updatedAt": "2023-10-10T13:18:37.270Z",
  "createdByName": "Taylor",
  "ownerRestrictions": null
}
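As an added example (not part of Immuta's documentation or code), the Python below checks a /policy/global request body before it is sent: it rejects malformed JSON and reports which users would receive WRITE and on which data sources. The function name, the result keys and the needs_review rule are this example's own; the sample bodies are constructed from the requests shown above.

```python
import json

def review_write_policy(raw):
    """Summarise a /policy/global body: who gets WRITE, and on which data sources."""
    try:
        policy = json.loads(raw)
    except json.JSONDecodeError as exc:
        # Malformed bodies (e.g. a trailing comma) are caught before any request is sent.
        return {"valid": False, "error": f"line {exc.lineno}: {exc.msg}"}

    write_actions = [a for a in policy.get("actions") or []
                     if a.get("accessGrant") == "WRITE"]
    grantees = []
    for action in write_actions:
        if action.get("subscriptionType") == "manual":
            grantees.append("users selected by data owners")
        for cond in (action.get("exceptions") or {}).get("conditions") or []:
            if cond.get("type") == "authorizations":
                auth = cond.get("authorization") or {}
                grantees.append(f"attribute {auth.get('auth')}.{auth.get('value')}")

    # Column tags limit where the policy applies; with none, it covers every data source.
    tags = [c["columnTag"]["name"] for c in policy.get("circumstances") or []
            if c.get("type") == "columnTags"]
    return {
        "valid": True,
        "grants_write": bool(write_actions),
        "grantees": grantees,
        "scope": tags or "all data sources",
        # This example's own rule: unscoped WRITE gets a second pair of eyes.
        "needs_review": bool(write_actions) and not tags,
    }

# Constructed bodies mirroring the two request shapes on this page, plus a broken one.
ATTRIBUTE_POLICY = """{"type": "subscription", "staged": false,
  "name": "Allow users with specific entitlements to have write access",
  "actions": [{"type": "subscription", "subscriptionType": "policy", "accessGrant": "WRITE",
    "exceptions": {"operator": "and", "conditions": [
      {"type": "authorizations", "authorization": {"auth": "has", "value": "write"}}]}}]}"""
TAGGED_POLICY = """{"type": "subscription", "staged": false,
  "name": "Data owners grant specific users write access",
  "actions": [{"type": "subscription", "subscriptionType": "manual", "accessGrant": "WRITE"}],
  "circumstances": [{"type": "columnTags", "columnTag": {"name": "Discovered.Person Name"}}]}"""
BROKEN_POLICY = '{"actions": [{"accessGrant": "WRITE", "exceptions": {},}]}'

if __name__ == "__main__":
    for body in (ATTRIBUTE_POLICY, TAGGED_POLICY, BROKEN_POLICY):
        print(review_write_policy(body))
```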
Deletes the specified policy.
curl -X 'DELETE' \
  'https://www.organization.immuta.com/policy/global/4' \
  -H 'accept: application/json' \
  -H 'Content-Type: application/json' \
  -H 'Authorization: 846e9e43c86a4ct1be14290d95127d13f'
Gets the specified policy.
curl -X 'GET' \
  'https://www.organization.immuta.com/policy/global/4' \
  -H 'accept: application/json' \
  -H 'Content-Type: application/json' \
  -H 'Authorization: 846e9e43c86a4ct1be14290d95127d13f'
Updates the specified policy.
curl -X 'PUT' \
  'https://www.organization.immuta.com/policy/global/4' \
  -H 'accept: application/json' \
  -H 'Content-Type: application/json' \
  -H 'Authorization: 846e9e43c86a4ct1be14290d95127d13f' \
  -d '{
    "type": "subscription",
    "name": "Manual global write policy",
    "template": true,
    "actions": [{
      "type": "subscription",
      "subscriptionType": "manual",
      "description": "This updated policy only applies to data sources tagged Discovered.Healthcare NPI.",
      "accessGrant": "WRITE"
    }],
    "staged": false,
    "circumstances": [{
      "operator": "or",
      "type": "columnTags",
      "columnTag": {
        "name": "Discovered.Healthcare NPI",
        "displayName": "Discovered . Healthcare NPI",
        "hasLeafNodes": false
      }
    }]
  }'