# Manage Write Policies The policies resource allows you to manage and apply policies to your data sources. The endpoints and examples provided in this guide are specific to creating [global write policies](/latest/governance/author-policies-for-data-access-control/authoring-policies-in-secure/section-contents/reference-guides/subscription-access-types.md). ## Endpoints
MethodEndpointDescription
POST/dataSource/{dataSourceId}/accessManually grants write access to a user
POST/policy/globalCreates a global write access policy
DELETE/policy/global/{policyId}Deletes the specified global write access policy
GET/policy/global/{policyId}Gets the global policy with the given policy ID
PUT/policy/global/{policyId}Updates the specified global policy
## `POST` `/dataSource/{dataSourceId}/access` Manually grants write access to a user. **Requirement**: `GOVERNANCE` permission, `USER_ADMIN` permission, or be the data source owner ```bash curl -X 'POST' \ 'https://www.organization.immuta.com/dataSource/6/access' \ -H 'accept: application/json' \ -H 'Content-Type: application/json' \ -H 'Authorization: 846e9e43c86a4ct1be14290d95127d13f' \ -d '{ "profileId": 3, "state": "subscribed", "accessGrant": "WRITE" }' ``` ### Path parameter | Parameter | Description | | -------------------------- | ----------------------------------------- | | **dataSourceId** `integer` | The unique identifier of the data source. | ### Body parameters The request accepts a JSON or YAML payload. See the [write access manual grant payload description](/latest/developer-guides/api-intro/immuta-v1-api/manage-data-access/write-policies-api/payload-reference.md#manual-write-access-grant-payload) for parameter details. ### Response The response returns a JSON object. See the [payload reference guide](/latest/developer-guides/api-intro/immuta-v1-api/manage-data-access/write-policies-api/payload-reference.md#manual-write-access-grant-response-schema) for details about the response schema. ```json { "isSubscriptionOverride": true, "id": 23, "modelId": "6", "modelType": "datasource", "state": "subscribed", "metadata": {}, "admin": 2, "denialReasoning": null, "profile": 3, "group": null, "policy": false, "expiration": null, "acknowledgeRequired": false, "createdAt": "2023-10-11T14:43:00.726Z", "updatedAt": "2023-10-11T14:43:00.726Z", "accessGrant": "WRITE", "approved": true } ``` ## `POST` `/policy/global` Creates a global policy. **Requirement**: `GOVERNANCE` permission, domain-specific `Manage Policies` permission, or be a data source owner {% tabs %} {% tab title="Users with specific groups or attributes" %} The example below grants write access to users with the attribute `has.write` and applies the global policy to all data sources. ```bash curl -X 'POST' \ 'https://www.organization.immuta.com/policy/global' \ -H 'accept: application/json' \ -H 'Content-Type: application/json' \ -H 'Authorization: 846e9e43c86a4ct1be14290d95127d13f' \ -d '{ "type": "subscription", "name": "Allow users with specific entitlements to have write access", "actions": [{ "type": "subscription", "subscriptionType": "policy", "accessGrant": "WRITE", "exceptions": { "operator": "and", "conditions": [{ "type": "authorizations", "authorization": { "auth": "has", "value": "write" } }] } }], "staged": false }' ``` {% endtab %} {% tab title="Individually selected users" %} The example below grants users write access when they are individually selected by data owners and applies the policy to data sources with columns tagged `Discovered.Person Name`. ```bash curl -X 'POST' \ 'https://www.organization.immuta.com/policy/global' \ -H 'accept: application/json' \ -H 'Content-Type: application/json' \ -H 'Authorization: 846e9e43c86a4ct1be14290d95127d13f' \ -d '{ "type": "subscription", "name": "Data owners grant specific users write access", "actions": [{ "type": "subscription", "subscriptionType": "manual", "accessGrant": "WRITE" }], "staged": false, "circumstances": [{ "type": "columnTags", "columnTag": { "name": "Discovered.Person Name", "displayName": "Discovered . Person Name", "hasLeafNodes": false } }] }' ``` {% endtab %} {% endtabs %} ### Body parameters The request accepts a JSON or YAML payload. See the [global policy payload description](/latest/developer-guides/api-intro/immuta-v1-api/manage-data-access/write-policies-api/payload-reference.md#global-write-policy-payload) for parameter details. ### Response The response returns the global policy configuration. See the [payload reference guide](/latest/developer-guides/api-intro/immuta-v1-api/manage-data-access/write-policies-api/payload-reference.md#global-write-policy-response-schema) for details about the response schema. {% tabs %} {% tab title="Basic example" %} ```json { "policyKey": "Manual global write policy", "name": "Manual global write policy", "type": "subscription", "template": true, "staged": false, "systemGenerated": false, "deleted": false, "certification": null, "actions": [ { "type": "subscription", "accessGrant": "WRITE", "description": null, "allowDiscovery": false, "subscriptionType": "manual", "shareResponsibility": false, "automaticSubscription": false } ], "circumstances": null, "metadata": null, "clonedFrom": null, "createdBy": 2, "id": 4, "createdAt": "2023-10-10T13:18:37.270Z", "updatedAt": "2023-10-10T13:18:37.270Z", "createdByName": "Taylor", "ownerRestrictions": null } ``` {% endtab %} {% tab title="Complex example" %} ```json { "policyKey": "Manual global write policy", "name": "Manual global write policy", "type": "subscription", "template": true, "staged": false, "systemGenerated": false, "deleted": false, "certification": null, "actions": [ { "type": "subscription", "accessGrant": "WRITE", "description": null, "allowDiscovery": false, "subscriptionType": "manual", "shareResponsibility": false, "automaticSubscription": false } ], "circumstances": [{ "type": "columnTags", "columnTag": { "name": "Discovered.Person Name", "displayName": "Discovered . Person Name", "hasLeafNodes": false } }], "metadata": null, "clonedFrom": null, "createdBy": 2, "id": 4, "createdAt": "2023-10-10T13:18:37.270Z", "updatedAt": "2023-10-10T13:18:37.270Z", "createdByName": "Taylor", "ownerRestrictions": null } ``` {% endtab %} {% endtabs %} ## `DELETE` `/policy/global/{policyId}` Deletes the specified policy. **Requirement**: `GOVERNANCE` permission, domain-specific `Manage Policies` permission, or be the policy creator ```bash curl -X 'DELETE' \ 'https://www.organization.immuta.com/policy/global/4' \ -H 'accept: application/json' \ -H 'Content-Type: application/json' \ -H 'Authorization: 846e9e43c86a4ct1be14290d95127d13f' ``` ### Path parameter | Parameter | Description | | ---------------------- | ------------------------------------ | | **policyId** `integer` | The unique identifier of the policy. | ### Response The response returns the deleted global policy configuration. See the [payload reference guide](/latest/developer-guides/api-intro/immuta-v1-api/manage-data-access/write-policies-api/payload-reference.md#global-write-policy-response-schema) for details about the response schema. ## `GET` `/policy/global/{policyId}` Gets the specified policy. ```bash curl -X 'GET' \ 'https://www.organization.immuta.com/policy/global/4' \ -H 'accept: application/json' \ -H 'Content-Type: application/json' \ -H 'Authorization: 846e9e43c86a4ct1be14290d95127d13f' ``` ### Path parameter | Parameter | Description | | ---------------------- | ------------------------------------ | | **policyId** `integer` | The unique identifier of the policy. | ### Response The response returns the global policy configuration. See the [payload reference guide](/latest/developer-guides/api-intro/immuta-v1-api/manage-data-access/write-policies-api/payload-reference.md#global-write-policy-response-schema) for details about the response schema. ## `PUT` `/policy/global/{policyId}` Updates the specified policy. **Requirement**: `GOVERNANCE` permission, domain-specific `Manage Policies` permission, or be the policy creator ```bash curl -X 'PUT' \ 'https://www.organization.immuta.com/policy/global/4' \ -H 'accept: application/json' \ -H 'Content-Type: application/json' \ -H 'Authorization: 846e9e43c86a4ct1be14290d95127d13f' \ -d '{ "type": "subscription", "name": "Manual global write policy", "template": true, "actions": [{ "type": "subscription", "subscriptionType": "manual", "description": "This updated policy only applies to data sources tagged Discovered.Healthcare NPI.", "accessGrant": "WRITE" }], "staged": false, "circumstances": [{ "operator": "or", "type": "columnTags", "columnTag": { "name": "Discovered.Healthcare NPI", "displayName": "Discovered . Healthcare NPI", "hasLeafNodes": false } }] }' ``` ### Body parameters The request accepts a JSON or YAML payload. See the [global policy payload description](/latest/developer-guides/api-intro/immuta-v1-api/manage-data-access/write-policies-api/payload-reference.md#global-write-policy-payload) for parameter details. ### Response The response returns the updated global policy configuration. See the [payload reference guide](/latest/developer-guides/api-intro/immuta-v1-api/manage-data-access/write-policies-api/payload-reference.md#global-write-policy-response-schema) for details about the response schema. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://documentation.immuta.com/latest/developer-guides/api-intro/immuta-v1-api/manage-data-access/write-policies-api.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.