Create a Subscription Policy
POST /api/v2/policy
/api/v2/policy
Required Immuta permission: GOVERNANCE
Create an Anyone can subscribe subscription policy.
name: Anyone
policyKey: subscription anyone
type: subscription
actions:
type: anyone
automaticSubscription: false
description: Rationale
circumstances:
- type: tags
tag: Discovered
Path parameters
dryRun boolean
If true
, no updates will actually be made.
Optional
false
reCertify boolean
If true
(and if the certification has changed), someone will need to re-certify this policy on all impacted data sources.
Optional
false
Body parameters
The body of the request contains the details of the policy you want to create. The following table describes the attributes you can include in the body.
policyKey string
A key/name to uniquely identify this policy.
Required
-
-
name string
The name of the policy that will be displayed in the Immuta UI.
Required
-
-
type string
The type of policy.
Required
-
subscription
data
circumstanceOperator string
Specifies whether all
of the circumstances must be met for the policy to be applied (AND), or just any
of them (OR).
Optional
any
all
any
staged boolean
If true
, this global policy is in a staged status.
Optional
false
true
false
actions
object
actions
objectThe actions object describes the rules of the policy.
type string
The type of subscription policy.
Required
-
anyone
: Anyone can subscribeapproval
: Anyone can request approval and will be subscribed when it is approvedentitlements
: Users with the listed attributes or groups will be subscribedmanual
: Users must be manually added to be subscribed
automaticSubscription boolean
When true
, users will be automatically subscribed to the data source without having to take action.
Optional
false
true
false
allowDiscovery boolean
When true
, users can see the data source in the Immuta UI, even if they do not have the attributes and groups specified by the policy.
Optional
false
true
false
advanced string
An advanced function to use as the subscription policy. See the Advanced use of special functions guide for details about the functions Immuta supports.
Optional
-
-
description string
The rationale for your policy.
Optional
-
-
approvals array
Details about the user(s) that will approve subscription requests.
Required if type is approval
-
-
entitlements object
Details about the entitlements required for users to subscribe to the data sources.
Required if type is entitlements
-
-
approvals
array
approvals
arrayThis array is required if the policy type is approval
in the actions object. It allows you to define the users who can approve subscription requests.
specificApproverRequired boolean
If true
, the user to approve the request will be selected by the user requesting access. If false
, any user with the required permission can approve the request.
Required
-
true
false
requiredPermissions string
The required permissions for the user approving the subscription request.
Required
-
USER_ADMIN
GOVERNANCE
AUDIT
entitlements
object
entitlements
objectThis object is required if the policy type is entitlements
in the actions object. It allows you to define the groups or attributes that users must have to subscribe to the project.
operator string
Specifies whether users must have all
or any
of the entitlements to be eligible to subscribe to the data source.
Required
-
all
any
groups array[string]
The names of the groups the user must be a member of to subscribe to the data source.
Requires either groups or attributes
-
-
attributes array[object]
Details about attributes the user must have to subscribe to the data source.
Requires either groups or attributes
-
-
attributes.name string
The name of the attribute the user must have to subscribe to the data source. This is commonly referred to as a key.
Required if using attributes
-
-
attributes.value string
The value of the attribute the user must have to subscribe to the data source.
Required if using attributes
-
-
circumstances
array
circumstances
arrayThe circumstances
array dictates what data sources the policy will be applied to. For example, you could specify to apply the policy to data sources that have specific tags or to data sources created during a certain time period.
type string
Specifies how to determine whether or not to apply the policy to the data source.
Optional
Defaults to all data sources
tags
: Apply the policy when the data source has these tags.columnRegex
: Apply the policy when the data source has column names that match the regex.columnTags
: Apply the policy when the data source has columns with these tags.domains
: Apply the policy to data sources in these domains.null
: Apply the policy to data sources when it is selected by data owners.server
: Apply the policy to data sources in this server.time
: Apply the policy to data sources created in a specific time period.
tag string
The tag to dictate when the policy is applied.
Required if type is tags
.
-
-
columnTag string
The column tag to dictate when the policy is applied.
Required if type is columnTags
.
-
-
regex string
The regex to match against column names and apply the policy when found.
Required if type is columnRegex
.
-
-
caseInsensitive boolean
If true
, the regex is case insensitive. Use with type columnRegex
.
Optional
-
true
false
server string
Specifies the server that contains the data sources the policy should be applied to.
Required if type is server
-
-
startDate string
Specifies to apply policies to data sources created on or after this date and before the endDate.
Required if type is time
-
-
endDate string
Specifies to apply policies to data sources created before this date and after the startDate.
Optional
-
-
domains array[object]
Specifies to apply policies to data sources in the listed domains.
Required if type is domains
.
-
-
domains.id string
The unique ID of the domain.
Requires either domains.id or domains.name if type is domains
.
-
-
domains.name string
The name of the domain.
Requires either domains.id or domains.name if type is domains
.
-
-
certification
object
certification
objectThe certification
object contains the details of the certification for the policy.
text string
The text that appears when a data owner attempts to certify a policy.
Required
-
-
label string
The label that appears when the policy has been certified.
Required
-
-
tags array[string]
Tags that impact the certification.
Optional
-
-
recertify boolean
When true
, data owners must re-certify all data sources this policy applies to.
Optional
false
true
false
Last updated
Was this helpful?