Create a Subscription Policy
POST /api/v2/policy
Required Immuta permission: GOVERNANCE
Create an Anyone can subscribe subscription policy.

```yaml
name: Anyone
policyKey: subscription anyone
type: subscription
actions:
  type: anyone
  automaticSubscription: false
  description: Rationale
circumstances:
  - type: tags
    tag: Discovered
```

Create an anyone can subscribe when approved subscription policy.

```yaml
name: Approval
policyKey: subscription approval
type: subscription
actions:
  type: approval
  approvals:
    - specificApproverRequired: false
      requiredPermissions: OWNER
    - specificApproverRequired: true
      requiredPermissions: GOVERNANCE
  description: Rationale
circumstances:
  - type: columnTags
    columnTag: Discovered
```

Create a users with specific groups or attributes subscription policy.

```yaml
name: Entitlement
policyKey: subscription entitlements
type: subscription
actions:
  type: entitlements
  entitlements:
    operator: any
    groups:
      - Employee
    attributes:
      - name: auth1
        value: SOMETHING_ELSE
  automaticSubscription: true
  allowDiscovery: false
  description: Some description here
circumstances:
  - type: columnRegex
    regex: ssn
    caseInsensitive: false
staged: false
```

Create a users with specific groups or attributes subscription policy using advanced functions.

```yaml
name: Advanced Entitlement
policyKey: subscription entitlements advanced boolean
type: subscription
actions:
  type: entitlements
  advanced: "@isInGroups('Engineers', 'Founders') AND @hasAttribute('Auth1', 'Super Secret')"
  automaticSubscription: true
  allowDiscovery: false
  description: Some description here
circumstances:
  - type: columnRegex
    regex: ssn
    caseInsensitive: false
staged: false
```

Create an individual users you select subscription policy.

```yaml
name: Manual
policyKey: subscription manual
type: subscription
actions:
  type: manual
  description: Rationale
```

Path parameters

| Parameter | Description | Required or optional | Default |
| --- | --- | --- | --- |
| dryRun boolean | If true, no updates will actually be made. | Optional | false |
| reCertify boolean | If true (and if the certification has changed), someone will need to re-certify this policy on all impacted data sources. | Optional | false |

Body parameters
The body of the request contains the details of the policy you want to create. The following table describes the attributes you can include in the body.

| Attribute | Description | Required or optional | Default | Accepted values |
| --- | --- | --- | --- | --- |
| policyKey string | A key/name to uniquely identify this policy. | Required | - | - |
| name string | The name of the policy that will be displayed in the Immuta UI. | Required | - | - |
| type string | The type of policy. | Required | - | subscription, data |
| circumstanceOperator string | Specifies whether all of the circumstances must be met for the policy to be applied (AND), or just any of them (OR). | Optional | any | all, any |
| staged boolean | If true, this global policy is in a staged status. | Optional | false | true, false |

actions object

The actions object describes the rules of the policy.

| Attribute | Description | Required or optional | Default | Accepted values |
| --- | --- | --- | --- | --- |
| type string | The type of subscription policy. | Required | - | anyone: Anyone can subscribe; approval: Anyone can request approval and will be subscribed when it is approved; entitlements: Users with the listed attributes or groups will be subscribed; manual: Users must be manually added to be subscribed |
| automaticSubscription boolean | When true, users will be automatically subscribed to the data source without having to take action. | Optional | false | true, false |
| allowDiscovery boolean | When true, users can see the data source in the Immuta UI, even if they do not have the attributes and groups specified by the policy. | Optional | false | true, false |
| advanced string | An advanced function to use as the subscription policy. See the Advanced use of special functions guide for details about the functions Immuta supports. | Optional | - | - |
| description string | The rationale for your policy. | Optional | - | - |
| approvals array | Details about the user(s) that will approve subscription requests. | Required if type is approval | - | - |
| entitlements object | Details about the entitlements required for users to subscribe to the data sources. | Required if type is entitlements | - | - |

approvals array

This array is required if the policy type is approval in the actions object. It allows you to define the users who can approve subscription requests.

| Attribute | Description | Required or optional | Default | Accepted values |
| --- | --- | --- | --- | --- |
| specificApproverRequired boolean | If true, the user to approve the request will be selected by the user requesting access. If false, any user with the required permission can approve the request. | Required | - | true, false |
| requiredPermissions string | The required permissions for the user approving the subscription request. | Required | - | USER_ADMIN, GOVERNANCE, AUDIT |

entitlements object

This object is required if the policy type is entitlements in the actions object. It allows you to define the groups or attributes that users must have to subscribe to the project.

| Attribute | Description | Required or optional | Default | Accepted values |
| --- | --- | --- | --- | --- |
| operator string | Specifies whether users must have all or any of the entitlements to be eligible to subscribe to the data source. | Required | - | all, any |
| groups array[string] | The names of the groups the user must be a member of to subscribe to the data source. | Requires either groups or attributes | - | - |
| attributes array[object] | Details about attributes the user must have to subscribe to the data source. | Requires either groups or attributes | - | - |
| attributes.name string | The name of the attribute the user must have to subscribe to the data source. This is commonly referred to as a key. | Required if using attributes | - | - |
| attributes.value string | The value of the attribute the user must have to subscribe to the data source. | Required if using attributes | - | - |

circumstances array

The circumstances array dictates what data sources the policy will be applied to. For example, you could specify to apply the policy to data sources that have specific tags or to data sources created during a certain time period.

| Attribute | Description | Required or optional | Default | Accepted values |
| --- | --- | --- | --- | --- |
| type string | Specifies how to determine whether or not to apply the policy to the data source. | Optional | Defaults to all data sources | tags: Apply the policy when the data source has these tags; columnRegex: Apply the policy when the data source has column names that match the regex; columnTags: Apply the policy when the data source has columns with these tags; domains: Apply the policy to data sources in these domains; null: Apply the policy to data sources when it is selected by data owners; server: Apply the policy to data sources in this server; time: Apply the policy to data sources created in a specific time period |
| tag string | The tag to dictate when the policy is applied. | Required if type is tags. | - | - |
| columnTag string | The column tag to dictate when the policy is applied. | Required if type is columnTags. | - | - |
| regex string | The regex to match against column names and apply the policy when found. | Required if type is columnRegex. | - | - |
| caseInsensitive boolean | If true, the regex is case insensitive. Use with type columnRegex. | Optional | - | true, false |
| server string | Specifies the server that contains the data sources the policy should be applied to. | Required if type is server | - | - |
| startDate string | Specifies to apply policies to data sources created on or after this date and before the endDate. | Required if type is time | - | - |
| endDate string | Specifies to apply policies to data sources created before this date and after the startDate. | Optional | - | - |
| domains array[object] | Specifies to apply policies to data sources in the listed domains. | Required if type is domains. | - | - |
| domains.id string | The unique ID of the domain. | Requires either domains.id or domains.name if type is domains. | - | - |
| domains.name string | The name of the domain. | Requires either domains.id or domains.name if type is domains. | - | - |

certification object

The certification object contains the details of the certification for the policy.

| Attribute | Description | Required or optional | Default | Accepted values |
| --- | --- | --- | --- | --- |
| text string | The text that appears when a data owner attempts to certify a policy. | Required | - | - |
| label string | The label that appears when the policy has been certified. | Required | - | - |
| tags array[string] | Tags that impact the certification. | Optional | - | - |
| recertify boolean | When true, data owners must re-certify all data sources this policy applies to. | Optional | false | true, false |
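
The conditional requirements listed for the actions, approvals, entitlements and circumstances attributes can be checked before a body is sent to POST /api/v2/policy. The following is an added example, not Immuta code: validate_policy, CIRCUMSTANCE_FIELD and BROKEN are hypothetical names, and treating advanced as a substitute for the entitlements object is an assumption taken from the advanced-function example on this page.

```python
# Added example (not Immuta code): validate_policy is a hypothetical helper that
# applies the "Required" / "Required if ..." rules from the tables on this page.
CIRCUMSTANCE_FIELD = {  # circumstance type -> field the table marks as required
    "tags": "tag", "columnTags": "columnTag", "columnRegex": "regex",
    "server": "server", "time": "startDate",
}

def validate_policy(policy):
    """Return a list of problems; an empty list means these checks passed."""
    errors = [f"{k} is required" for k in ("policyKey", "name", "type") if not policy.get(k)]
    actions = policy.get("actions") or {}
    kind = actions.get("type")
    if kind not in ("anyone", "approval", "entitlements", "manual"):
        errors.append(f"actions.type {kind!r} is not an accepted value")
    if kind == "approval":
        approvals = actions.get("approvals") or []
        if not approvals:
            errors.append("approvals is required when actions.type is approval")
        for i, approver in enumerate(approvals):
            for field in ("specificApproverRequired", "requiredPermissions"):
                if field not in approver:
                    errors.append(f"approvals[{i}].{field} is required")
    # Assumption: as in the page's advanced example, an `advanced` function
    # stands in for the entitlements object.
    if kind == "entitlements" and not actions.get("advanced"):
        ent = actions.get("entitlements") or {}
        if ent.get("operator") not in ("all", "any"):
            errors.append("entitlements.operator must be all or any")
        if not ent.get("groups") and not ent.get("attributes"):
            errors.append("entitlements requires either groups or attributes")
        for i, attr in enumerate(ent.get("attributes") or []):
            if not attr.get("name") or not attr.get("value"):
                errors.append(f"entitlements.attributes[{i}] needs name and value")
    for i, circ in enumerate(policy.get("circumstances") or []):
        ctype = circ.get("type")
        field = CIRCUMSTANCE_FIELD.get(ctype)
        if field and not circ.get(field):
            errors.append(f"circumstances[{i}].{field} is required if type is {ctype}")
        if ctype == "domains" and not any(
                d.get("id") or d.get("name") for d in circ.get("domains") or []):
            errors.append(f"circumstances[{i}].domains needs an id or a name")
    return errors

# Constructed sample: an approval policy that omits its approvers and its tag.
BROKEN = {"name": "Approval", "policyKey": "subscription approval", "type": "subscription",
          "actions": {"type": "approval"}, "circumstances": [{"type": "tags"}]}

if __name__ == "__main__":
    print(validate_policy(BROKEN))
```

A body that passes these checks can then be submitted with dryRun set to true, which makes no updates.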