Write Policies Payloads and Response Schema Reference Guide
Manual write access grant payload
The parameters for manually granting write access to a data source without using a policy are outlined in the table below.
profileId integer
The unique identifier of the user to whom you are granting write access.
Required
-
-
state string
The user's role on the data source.
Required
-
expert
owner
subscribed
accessGrant string
The type of access to grant the user.
Required
-
READ
WRITE
Global write policy payload
The parameters for creating a global write policy are outlined in the table below.
type string
The type of policy to create.
Required
-
subscription
name string
The name of the policy.
Required
-
-
template boolean
Specifies whether or not the policy should be available as a template.
Optional
false
true
false
Specifies the policy access type and restriction level. See the array description for details.
Required
-
staged boolean
When true
, the policy is not active or applied to any data sources.
Required
-
true
false
This object specifies the conditions under which the policy applies to a data source. Set the value to null
to enforce the policy only when it is applied by data owners. Do not include this object in your payload to apply the policy to all data sources. See the object description for additional parameters and details.
Optional
By default, the policy applies to all data sources.
-
Actions array
The actions array specifies the policy access type and restriction level. Its child parameters are outlined in the table below.
type string
The type of policy. For write access policies, the type is subscription
.
Required
-
data
subscription
accessGrant string
The type of access the user is granted.
Required
-
WRITE
description string
The description of the policy.
Optional
null
-
subscriptionType string
The restriction level of the subscription policy.
Required
-
approval
: Users are granted access when approved by a specified userautomatic
: Anyone is granted accessmanual
: Individually selected users are granted accesspolicy
: Users with specified entitlements are granted access
Circumstances object
The circumstances object specifies the conditions under which the policy applies to a data source. Its child parameters are outlined in the table below.
operator string
Specifies how to combine the conditions of the policy.
Required
-
and
or
type string
The type of condition under which to apply the policy.
Required
-
anyTag
columnRegex
columnTags
noTags
server
tags
time
columnRegex object
This object indicates that the policy should apply to data sources with column names that match the regular expression. Its child parameters are outlined below.
Required when type is columnRegex
.
-
-
columnRegex.regex string
A regular expression that matches names of columns.
Required when type is columnRegex
.
-
-
columnRegex.caseInsensitive boolean
When true
, the regular expression is case insensitive.
Optional
false
true
false
columnTag object
This object specifies the column tags required for the policy to apply to the data source. Child parameters are outlined below.
Required if type is columnTags
.
-
-
columnTag.name string
The name of the tag.
Required if type is columnTags
-
-
columnTag.displayName string
The display name of the tag.
Optional
-
-
columnTag.hasLeafNodes boolean
When true
, the tag applied has child tags.
Optional
-
-
server string
The server that contains the data sources the policy should be applied to.
Required when type is server
.
-
-
startDate string
Applies the policy to data sources created on or after this startDate and before the endDate (if the endDate is specified).
Required when type is time
.
-
-
endDate string
Applies the policy to data sources created on or before this endDate and after the startDate.
Optional
null
-
Global write policy response schema
policyKey string
The unique name of the policy.
createdBy integer
The unique identifier of the user who created the policy.
createdByName string
The username of the user who created the policy.
createdAt string
The date the policy was created.
clonedFrom integer
The unique identifier of the policy that the new policy was cloned from.
systemGenerated boolean
Indicates whether or not the policy is system-generated.
deleted boolean
When true
, the policy has been deleted.
id integer
The unique identifier of the policy.
type string
The type of policy. For write access policies, the type is subscription
.
name string
The name of the policy.
template boolean
Specifies whether or not the policy is available as a template.
certification object
The certification object only applies to data policies, not write access policies.
actions array[]
Specifies the policy access type and restriction level.
actions.type string
The type of policy. For write access policies, the type is subscription
.
actions.accessGrant string
The type of access the user is granted. For write access policies, actions.accessGrant is WRITE
.
actions.description string
The description of the policy.
actions.allowDiscovery boolean
When true
, users can still see that the data source exists in Immuta, even if they do not have the attributes and groups specified by the policy.
actions.subscriptionType string
The restriction level of the subscription policy.
actions.shareResponsibility boolean
When true
, users need to meet the conditions in this policy OR another share responsibility policy that applies to the data source. This parameter is not applicable to policies with actions.subscriptionType
with a value of manual
.
actions.automaticSubscription boolean
When true
, users will automatically be subscribed to the data source when they meet the conditions specified in the policy. This parameter is not applicable to policies with actions.subscriptionType with a value of manual
.
staged boolean
When true
, the policy is staged and not active on any data sources.
circumstances array[]
Specifies the conditions under which the policy applies to a data source. See the object description for child parameters.
Manual write access grant response schema
isSubscriptionOverride boolean
When true
, the user was manually granted write access by a data owner instead of being granted access by a policy on the data source.
id integer
The unique identifier of the user's subscription to the data source.
modelId integer
The unique identifier of the data source.
modelType string
The type of model the subscription policy applies to. For write policies, modelType is dataSource
.
state string
The type of role the user has, such as expert
, owner
, or subscribed
.
admin integer
The unique identifier of the user who granted write access to the data source subscriber.
denialReasoning string
If the user was denied access to the data source, this field contains the reason entered by the owner who denied access.
profile integer
The unique identifier of the user who has been granted write access.
group string
The name of the group that has been granted write access, when applicable.
policy boolean
When true
, the access has been granted by a policy on the data source.
expiration string
The date the user's access expires.
acknowledgeRequired boolean
When true
, the users must manually request access to the data source.
createdAt string
The date and time the user's access to the data source was granted.
updatedAt string
The date and time the user's access to the data source was updated.
accessGrant string
The type of access the user has to the data source: READ
or WRITE
.
approved boolean
When true
, the user's access to the data source has been approved.