Create a Subscription Policy

dryRun boolean

If true, no updates will actually be made.

Optional

false

reCertify boolean

If true (and if the certification has changed), someone will need to re-certify this policy on all impacted data sources.

Optional

false

policyKey string

A key/name to uniquely identify this policy.

Required

-

-

name string

The name of the policy that will be displayed in the Immuta UI.

Required

-

-

type string

The type of policy.

Required

-

• subscription

• data

The actual rules for this policy.

Required

-

-

When and where the policy should get applied.

Optional

-

-

circumstanceOperator string

Specifies whether all of the circumstances must be met for the policy to be applied (AND), or just any of them (OR).

Optional

any

• all

• any

staged boolean

If true, this global policy is in a staged status.

Optional

false

• true

• false

Certification information for the global policy.

Optional

-

-

type string

The type of subscription policy.

Required

-

• anyone: Anyone can subscribe

• approval: Anyone can request approval and will be subscribed when it is approved

• entitlements: Users with the listed attributes or groups will be subscribed

• manual: Users must be manually added to be subscribed

automaticSubscription boolean

When true, users will be automatically subscribed to the data source without having to take action.

Optional

false

• true

• false

allowDiscovery boolean

When true, users can see the data source in the Immuta UI, even if they do not have the attributes and groups specified by the policy.

Optional

false

• true

• false

advanced string

Optional

-

-

description string

The rationale for your policy.

Optional

-

-

Details about the user(s) that will approve subscription requests.

Required if type is approval

-

-

Details about the entitlements required for users to subscribe to the data sources.

Required if type is entitlements

-

-

specificApproverRequired boolean

If true, the user to approve the request will be selected by the user requesting access. If false, any user with the required permission can approve the request.

Required

-

• true

• false

requiredPermissions string

The required permissions for the user approving the subscription request.

Required

-

• USER_ADMIN

• GOVERNANCE

• AUDIT

operator string

Specifies whether users must have all or any of the entitlements to be eligible to subscribe to the data source.

Required

-

• all

• any

groups array[string]

The names of the groups the user must be a member of to subscribe to the data source.

Requires either groups or attributes

-

-

attributes array[object]

Details about attributes the user must have to subscribe to the data source.

Requires either groups or attributes

-

-

attributes.name string

The name of the attribute the user must have to subscribe to the data source. This is commonly referred to as a key.

Required if using attributes

-

-

attributes.value string

The value of the attribute the user must have to subscribe to the data source.

Required if using attributes

-

-

type string

Specifies how to determine whether or not to apply the policy to the data source.

Optional

Defaults to all data sources

• tags: Apply the policy when the data source has these tags.

• columnRegex: Apply the policy when the data source has column names that match the regex.

• columnTags: Apply the policy when the data source has columns with these tags.

• domains: Apply the policy to data sources in these domains.

• null: Apply the policy to data sources when it is selected by data owners.

• server: Apply the policy to data sources in this server.

• time: Apply the policy to data sources created in a specific time period.

tag string

The tag to dictate when the policy is applied.

Required if type is tags.

-

-

columnTag string

The column tag to dictate when the policy is applied.

Required if type is columnTags.

-

-

regex string

The regex to match against column names and apply the policy when found.

Required if type is columnRegex.

-

-

caseInsensitive boolean

If true, the regex is case insensitive. Use with type columnRegex.

Optional

-

• true

• false

server string

Specifies the server that contains the data sources the policy should be applied to.

Required if type is server

-

-

startDate string

Specifies to apply policies to data sources created on or after this date and before the endDate.

Required if type is time

-

-

endDate string

Specifies to apply policies to data sources created before this date and after the startDate.

Optional

-

-

domains array[object]

Specifies to apply policies to data sources in the listed domains.

Required if type is domains.

-

-

domains.id string

The unique ID of the domain.

Requires either domains.id or domains.name if type is domains.

-

-

domains.name string

The name of the domain.

Requires either domains.id or domains.name if type is domains.

-

-

text string

The text that appears when a data owner attempts to certify a policy.

Required

-

-

label string

The label that appears when the policy has been certified.

Required

-

-

tags array[string]

Tags that impact the certification.

Optional

-

-

recertify boolean

When true, data owners must re-certify all data sources this policy applies to.

Optional

false

• true

• false