Manage Write Policies

Write policies API endpoint reference guide

The policies resource allows you to manage and apply policies to your data sources. The endpoints and examples provided in this guide are specific to creating global write policies.

Endpoints

Method
Endpoint
Description

POST

Manually grants write access to a user

POST

Creates a global write access policy

DELETE

Deletes the specified global write access policy

GET

Gets the global policy with the given policy ID

PUT

Updates the specified global policy

POST /dataSource/{dataSourceId}/access

Manually grants write access to a user.

curl -X 'POST' \
    'https://www.organization.immuta.com/dataSource/6/access' \
    -H 'accept: application/json' \
    -H 'Content-Type: application/json' \
    -H 'Authorization: 846e9e43c86a4ct1be14290d95127d13f' \
    -d '{
    "profileId": 3,
    "state": "subscribed",
    "accessGrant": "WRITE"
    }'

Request parameter

Parameter
Description

dataSourceId integer

The unique identifier of the data source.

Body parameters

Response

{
  "isSubscriptionOverride": true,
  "id": 23,
  "modelId": "6",
  "modelType": "datasource",
  "state": "subscribed",
  "metadata": {},
  "admin": 2,
  "denialReasoning": null,
  "profile": 3,
  "group": null,
  "policy": false,
  "expiration": null,
  "acknowledgeRequired": false,
  "createdAt": "2023-10-11T14:43:00.726Z",
  "updatedAt": "2023-10-11T14:43:00.726Z",
  "accessGrant": "WRITE",
  "approved": true
}

POST /policy/global

Creates a global policy.

The example below grants write access to users with the attribute has.write and applies the global policy to all data sources.

curl -X 'POST' \
    'https://www.organization.immuta.com/policy/global' \
    -H 'accept: application/json' \
    -H 'Content-Type: application/json' \
    -H 'Authorization: 846e9e43c86a4ct1be14290d95127d13f' \
    -d '{
    "type": "subscription",
    "name": "Allow users with specific entitlements to have write access",
    "actions": [{
      "type": "subscription",
      "subscriptionType": "policy",
      "accessGrant": "WRITE",
      "exceptions": {
        "operator": "and",
        "conditions": [{
          "type": "authorizations",
          "authorization": {
            "auth": "has",
            "value": "write"
          }
      }]
    },
    }],
    "staged": false
    }'

Body parameters

Response

{
  "policyKey": "Manual global write policy",
  "name": "Manual global write policy",
  "type": "subscription",
  "template": true,
  "staged": false,
  "systemGenerated": false,
  "deleted": false,
  "certification": null,
  "actions": [
    {
      "type": "subscription",
      "accessGrant": "WRITE",
      "description": null,
      "allowDiscovery": false,
      "subscriptionType": "manual",
      "shareResponsibility": false,
      "automaticSubscription": false
    }
  ],
  "circumstances": null,
  "metadata": null,
  "clonedFrom": null,
  "createdBy": 2,
  "id": 4,
  "createdAt": "2023-10-10T13:18:37.270Z",
  "updatedAt": "2023-10-10T13:18:37.270Z",
  "createdByName": "Taylor",
  "ownerRestrictions": null
}

DELETE /policy/global/{policyId}

Deletes the specified policy.

curl -X 'DELETE' \
    'https://www.organization.immuta.com/policy/global/4' \
    -H 'accept: application/json' \
    -H 'Content-Type: application/json' \
    -H 'Authorization: 846e9e43c86a4ct1be14290d95127d13f'

Request parameter

Parameter
Description

policyId integer

The unique identifier of the policy.

Response

GET /policy/global/{policyId}

Gets the specified policy.

curl -X 'GET' \
    'https://www.organization.immuta.com/policy/global/4' \
    -H 'accept: application/json' \
    -H 'Content-Type: application/json' \
    -H 'Authorization: 846e9e43c86a4ct1be14290d95127d13f'

Request parameter

Parameter
Description

policyId integer

The unique identifier of the policy.

Response

PUT /policy/global/{policyId}

Updates the specified policy.

curl -X 'PUT' \
    'https://www.organization.immuta.com/policy/global/4' \
    -H 'accept: application/json' \
    -H 'Content-Type: application/json' \
    -H 'Authorization: 846e9e43c86a4ct1be14290d95127d13f' \
    -d '{
    "type": "subscription",
    "name": "Manual global write policy",
    "template": true,
    "actions": [{
      "type": "subscription",
      "subscriptionType": "manual",
      "description": "This updated policy only applies to data sources tagged Discovered.Healthcare NPI.",
      "accessGrant": "WRITE"
    }],
    "staged": false,
    "circumstances": [{
      "operator": "or",
      "type": "columnTags",
      "columnTag": {
        "name": "Discovered.Healthcare NPI",
        "displayName": "Discovered . Healthcare NPI",
        "hasLeafNodes": false
      }
    }]
    }

Body parameters

Response

Last updated

Was this helpful?