# Manage Policies This page details the `immuta policy` command, its subcommands and arguments, and the workflow for creating, renaming, cloning, and deleting Global Policies. ## Command Overview: `immuta policy` This command allows you to list, save, delete, and rename Global Policies in your instance of Immuta. The table below illustrates subcommands and arguments. | Subcommands | Description | Argument(s) | | ----------- | -------------------------------------------- | ---------------- | | `clone` | Clone and save all Global Policies to files. | `filepath` | | `delete` | Delete a Global Policy by policy key. | `policy key` | | `list` | List all Global Policy keys. | n/a | | `rename` | Rename the Global Policy key. | `new policy key` | | `save` | Create or update a Global Policy in Immuta. | `filepath` | ### Options Use these options to get more details about the `policy` command or any of its subcommands: * `-h` * `--help` ## Create a Policy: `immuta policy save` **Requirement**: `GOVERNANCE` permission, domain-specific `Manage Policies` permission, or be a data source owner 1. Add your policy information in a valid YAML file for the V2 API. Additional payload examples for creating policies can [be found here](/SaaS/developer-guides/api-intro/immuta-v2-api/policies.md): ```yaml name: Conditional Masking policyKey: data conditional masking type: data actions: - rules: - type: Masking config: fields: - type: columnTags columnTag: Discovered.Passport conditionalPredicate: "@columnTagged('Discovered.Country') = 'USA'" maskingConfig: type: Hash circumstanceOperator: all circumstances: - type: columnTags columnTag: Discovered.Passport - type: columnTags columnTag: Discovered.Country ``` 2. Run `immuta policy save [--dryRun] [--reCertify]`, referencing the file you just created. The options you can specify include * `-d` or `--dryRun`: No updates will actually be made. * `-h` or `--help`: Get more information about the command. * `--reCertify`: If the certification has changed, someone will need to re-certify this policy on all impacted data sources. ### Examples The example below illustrates a user listing all policies and then creating a policy called `data conditional masking`. ```bash $ immuta policy list New Column Added $ immuta policy save ./test-policy.yml {"dryRun":false,"creating":true,"updating":false,"policyId":4} $ immuta policy list New Column Added data conditional masking ``` ## Rename a Policy Key: `immuta policy rename` **Requirement**: `GOVERNANCE` permission, domain-specific `Manage Policies` permission, or be a data source owner 1. Opt to list all policy keys to identify which policy you would like to rename by running `immuta policy list`. Options you can specify include * `-h` or `--help`: Get more information about the command. * `-v` or `--verbose`: Print response as JSON. 2. Rename the policy key by running `immuta policy rename `, enclosing the name of the policy key in quotation marks. Options you can specify to get more information about this command include `-h` or `--help`. ### Example The example below illustrates a user renaming the `data conditional masking` policy key to `Data Masking`. ```bash $ immuta policy list New Column Added data conditional masking $ immuta policy rename "data conditional masking" "Data Masking" {"oldPolicyKey":"data conditional masking","newPolicyKey":"Data Masking"} $ immuta policy list Data Masking New Column Added ``` ## Clone Global Policies: `immuta policy clone` **Required Immuta permission**: `GOVERNANCE` or domain-specific `Manage Policies` Clone and save all Global Policies to a file by running `immuta policy clone `. Options you can specify include * `--force`: Overwrite existing output directory targets. If this flag is omitted, you will receive an error when the output directory exists and is not empty. * `-h`, `--help`: Get more information about the command. * `-v` or `--verbose`: Print response as JSON. ### Example The example below illustrates cloning and saving all Global Policies to a `policy` folder. In this example, only one Global Policy existed: `Test`. ```bash $ immuta policy clone ./your-file-path/policy-folder Cloning all global policies... Cloning: Test to Desktop/clone-policies/policy/Test.yaml ``` ## Delete a Policy: `immuta policy delete` **Requirement**: `GOVERNANCE` permission, domain-specific `Manage Policies` permission, or be a data source owner 1. Opt to list all policy keys to determine which policy key you would like to delete by running `immuta policy list`. Options you can specify include * `-h` or `--help`: Get more information about the command. * `-v` or `--verbose`: Print response as JSON. 2. Delete a policy key by running `immuta policy delete [--dryRun]`. Options you can specify include * `-d` or `--dryRun`: No updates will be made. * `-h` or `--help`: Get more information about the command. ### Example The example below illustrates a user deleting the `Data Masking` policy. ```bash $ immuta policy list Data Masking New Column Added $ immuta policy delete "Data Masking" --dryRun {"dryRun":true,"deleting":"Data Masking"} $ immuta policy delete "Data Masking" {"dryRun":false,"deleting":"Data Masking"} $ immuta policy list New Column Added ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://documentation.immuta.com/SaaS/developer-guides/the-immuta-cli/policies.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.