Manage Write Policies

Write policies API endpoint reference guide

The policies resource allows you to manage and apply policies to your data sources. The endpoints and examples provided in this guide are specific to creating global write policies.

Endpoints

Method

Endpoint

Description

POST

Manually grants write access to a user

POST

Creates a global write access policy

DELETE

Deletes the specified global write access policy

GET

Gets the global policy with the given policy ID

PUT

Updates the specified global policy

`POST` `/dataSource/{dataSourceId}/access`

Manually grants write access to a user.

curl -X 'POST' \
    'https://www.organization.immuta.com/dataSource/6/access' \
    -H 'accept: application/json' \
    -H 'Content-Type: application/json' \
    -H 'Authorization: 846e9e43c86a4ct1be14290d95127d13f' \
    -d '{
    "profileId": 3,
    "state": "subscribed",
    "accessGrant": "WRITE"
    }'

Request parameter

Parameter

Description

dataSourceId integer

The unique identifier of the data source.

Body parameters

The request accepts a JSON or YAML payload. See the for parameter details.

Response

The response returns the following JSON object. See the for details about the response schema.

{
  "isSubscriptionOverride": true,
  "id": 23,
  "modelId": "6",
  "modelType": "datasource",
  "state": "subscribed",
  "metadata": {},
  "admin": 2,
  "denialReasoning": null,
  "profile": 3,
  "group": null,
  "policy": false,
  "expiration": null,
  "acknowledgeRequired": false,
  "createdAt": "2023-10-11T14:43:00.726Z",
  "updatedAt": "2023-10-11T14:43:00.726Z",
  "accessGrant": "WRITE",
  "approved": true
}

`POST` `/policy/global`

Creates a global policy.

The example below grants write access to users with the attribute has.write and applies the global policy to all data sources.

curl -X 'POST' \
    'https://www.organization.immuta.com/policy/global' \
    -H 'accept: application/json' \
    -H 'Content-Type: application/json' \
    -H 'Authorization: 846e9e43c86a4ct1be14290d95127d13f' \
    -d '{
    "type": "subscription",
    "name": "Allow users with specific entitlements to have write access",
    "actions": [{
      "type": "subscription",
      "subscriptionType": "policy",
      "accessGrant": "WRITE",
      "exceptions": {
        "operator": "and",
        "conditions": [{
          "type": "authorizations",
          "authorization": {
            "auth": "has",
            "value": "write"
          }
      }]
    },
    }],
    "staged": false
    }'

The example below grants users write access when they are individually selected by data owners and applies the policy to data sources with columns tagged Discovered.Person Name.

curl -X 'POST' \
    'https://www.organization.immuta.com/policy/global' \
    -H 'accept: application/json' \
    -H 'Content-Type: application/json' \
    -H 'Authorization: 846e9e43c86a4ct1be14290d95127d13f' \
    -d '{
    "type": "subscription",
    "name": "Data owners grant specific users write access",
    "actions": [{
      "type": "subscription",
      "subscriptionType": "manual",
      "accessGrant": "WRITE"
    }],
    "staged": false,
    "circumstances": [{
    "type": "columnTags",
    "columnTag": {
      "name": "Discovered.Person Name",
      "displayName": "Discovered . Person Name",
      "hasLeafNodes": false
      }
    }]
    }'

Body parameters

The request accepts a JSON or YAML payload. See the for parameter details.

Response

The response returns the global policy configuration. See the for details about the response schema.

{
  "policyKey": "Manual global write policy",
  "name": "Manual global write policy",
  "type": "subscription",
  "template": true,
  "staged": false,
  "systemGenerated": false,
  "deleted": false,
  "certification": null,
  "actions": [
    {
      "type": "subscription",
      "accessGrant": "WRITE",
      "description": null,
      "allowDiscovery": false,
      "subscriptionType": "manual",
      "shareResponsibility": false,
      "automaticSubscription": false
    }
  ],
  "circumstances": null,
  "metadata": null,
  "clonedFrom": null,
  "createdBy": 2,
  "id": 4,
  "createdAt": "2023-10-10T13:18:37.270Z",
  "updatedAt": "2023-10-10T13:18:37.270Z",
  "createdByName": "Taylor",
  "ownerRestrictions": null
}

{
  "policyKey": "Manual global write policy",
  "name": "Manual global write policy",
  "type": "subscription",
  "template": true,
  "staged": false,
  "systemGenerated": false,
  "deleted": false,
  "certification": null,
  "actions": [
    {
      "type": "subscription",
      "accessGrant": "WRITE",
      "description": null,
      "allowDiscovery": false,
      "subscriptionType": "manual",
      "shareResponsibility": false,
      "automaticSubscription": false
    }
  ],
  "circumstances": [{
    "type": "columnTags",
    "columnTag": {
      "name": "Discovered.Person Name",
      "displayName": "Discovered . Person Name",
      "hasLeafNodes": false
      }
    }],
  "metadata": null,
  "clonedFrom": null,
  "createdBy": 2,
  "id": 4,
  "createdAt": "2023-10-10T13:18:37.270Z",
  "updatedAt": "2023-10-10T13:18:37.270Z",
  "createdByName": "Taylor",
  "ownerRestrictions": null
}

`DELETE` `/policy/global/{policyId}`

Deletes the specified policy.

curl -X 'DELETE' \
    'https://www.organization.immuta.com/policy/global/4' \
    -H 'accept: application/json' \
    -H 'Content-Type: application/json' \
    -H 'Authorization: 846e9e43c86a4ct1be14290d95127d13f'

Request parameter

Parameter

Description

policyId integer

The unique identifier of the policy.

Response

The response returns the deleted global policy configuration. See the for details about the response schema.

`GET` `/policy/global/{policyId}`

Gets the specified policy.

curl -X 'GET' \
    'https://www.organization.immuta.com/policy/global/4' \
    -H 'accept: application/json' \
    -H 'Content-Type: application/json' \
    -H 'Authorization: 846e9e43c86a4ct1be14290d95127d13f'

Request parameter

Parameter

Description

policyId integer

The unique identifier of the policy.

Response

The response returns the global policy configuration. See the for details about the response schema.

`PUT` `/policy/global/{policyId}`

Updates the specified policy.

curl -X 'PUT' \
    'https://www.organization.immuta.com/policy/global/4' \
    -H 'accept: application/json' \
    -H 'Content-Type: application/json' \
    -H 'Authorization: 846e9e43c86a4ct1be14290d95127d13f' \
    -d '{
    "type": "subscription",
    "name": "Manual global write policy",
    "template": true,
    "actions": [{
      "type": "subscription",
      "subscriptionType": "manual",
      "description": "This updated policy only applies to data sources tagged Discovered.Healthcare NPI.",
      "accessGrant": "WRITE"
    }],
    "staged": false,
    "circumstances": [{
      "operator": "or",
      "type": "columnTags",
      "columnTag": {
        "name": "Discovered.Healthcare NPI",
        "displayName": "Discovered . Healthcare NPI",
        "hasLeafNodes": false
      }
    }]
    }

Body parameters

The request accepts a JSON or YAML payload. See the for parameter details.

Response

The response returns the updated global policy configuration. See the for details about the response schema.

PreviousManage Data and Subscription Policies NextWrite Policies Payloads and Response Schema Reference Guide

Last updated 8 months ago

Was this helpful?

Endpoints

POST /dataSource/{dataSourceId}/access

Request parameter

Body parameters

Response

POST /policy/global

Body parameters

Response

DELETE /policy/global/{policyId}

Request parameter

Response

GET /policy/global/{policyId}

Request parameter

Response

PUT /policy/global/{policyId}

Body parameters

Response

`POST` `/dataSource/{dataSourceId}/access`

`POST` `/policy/global`

`DELETE` `/policy/global/{policyId}`

`GET` `/policy/global/{policyId}`

`PUT` `/policy/global/{policyId}`