# Manage Policies

This page details the `immuta policy` command, its subcommands and arguments, and the workflow for creating, renaming, cloning, and deleting Global Policies.

## Command Overview: `immuta policy`

This command allows you to list, save, delete, and rename Global Policies in your instance of Immuta. The table below illustrates subcommands and arguments.

| Subcommands | Description                                  | Argument(s)      |
| ----------- | -------------------------------------------- | ---------------- |
| `clone`     | Clone and save all Global Policies to files. | `filepath`       |
| `delete`    | Delete a Global Policy by policy key.        | `policy key`     |
| `list`      | List all Global Policy keys.                 | n/a              |
| `rename`    | Rename the Global Policy key.                | `new policy key` |
| `save`      | Create or update a Global Policy in Immuta.  | `filepath`       |

### Options

Use these options to get more details about the `policy` command or any of its subcommands:

* `-h`
* `--help`

## Create a Policy: `immuta policy save`

1. Add your policy information in a valid YAML file for the V2 API. Additional payload examples for creating policies can [be found here](https://documentation.immuta.com/saas/~/changes/l3NnvynMHxi6VvqRtJhK/developer-guides/api-intro/immuta-v2-api/policies):

   ```yaml
   name: Conditional Masking
   policyKey: data conditional masking
   type: data
   actions:
       - rules:
       - type: Masking
           config:
               fields:
               - type: columnTags
                   columnTag: Discovered.Passport
               conditionalPredicate: "@columnTagged('Discovered.Country') = 'USA'"
               maskingConfig:
                   type: Hash
   circumstanceOperator: all
   circumstances:
       - type: columnTags
           columnTag: Discovered.Passport
       - type: columnTags
           columnTag: Discovered.Country
   ```
2. Run `immuta policy save <filepath> [--dryRun] [--reCertify]`, referencing the file you just created. The options you can specify include
   * `-d` or `--dryRun`: No updates will actually be made.
   * `-h` or `--help`: Get more information about the command.
   * `--reCertify`: If the certification has changed, someone will need to re-certify this policy on all impacted data sources.

### Examples

The example below illustrates a user listing all policies and then creating a policy called `data conditional masking`.

```bash
$ immuta policy list
New Column Added

$ immuta policy save ./test-policy.yml
{"dryRun":false,"creating":true,"updating":false,"policyId":4}

$ immuta policy list
New Column Added
data conditional masking
```

## Rename a Policy Key: `immuta policy rename`

1. Opt to list all policy keys to identify which policy you would like to rename by running `immuta policy list`. Options you can specify include
   * `-h` or `--help`: Get more information about the command.
   * `-v` or `--verbose`: Print response as JSON.
2. Rename the policy key by running `immuta policy rename <old policy key> <new policy key>`, enclosing the name of the policy key in quotation marks. Options you can specify to get more information about this command include `-h` or `--help`.

### Example

The example below illustrates a user renaming the `data conditional masking` policy key to `Data Masking`.

```bash
$ immuta policy list
New Column Added
data conditional masking

$ immuta policy rename "data conditional masking" "Data Masking"
{"oldPolicyKey":"data conditional masking","newPolicyKey":"Data Masking"}

$ immuta policy list
Data Masking
New Column Added
```

## Clone Global Policies: `immuta policy clone`

Clone and save all Global Policies to a file by running `immuta policy clone <filepath>`. Options you can specify include

* `--force`: Overwrite existing output directory targets. If this flag is omitted, you will receive an error when the output directory exists and is not empty.
* `-h`, `--help`: Get more information about the command.
* `-v` or `--verbose`: Print response as JSON.

### Example

The example below illustrates cloning and saving all Global Policies to a `policy` folder. In this example, only one Global Policy existed: `Test`.

```bash
$ immuta policy clone ./your-file-path/policy-folder
Cloning all global policies...
Cloning: Test to Desktop/clone-policies/policy/Test.yaml
```

## Delete a Policy: `immuta policy delete`

1. Opt to list all policy keys to determine which policy key you would like to delete by running `immuta policy list`. Options you can specify include
   * `-h` or `--help`: Get more information about the command.
   * `-v` or `--verbose`: Print response as JSON.
2. Delete a policy key by running `immuta policy delete <policy key> [--dryRun]`. Options you can specify include
   * `-d` or `--dryRun`: No updates will be made.
   * `-h` or `--help`: Get more information about the command.

### Example

The example below illustrates a user deleting the `Data Masking` policy.

```bash
$ immuta policy list
Data Masking
New Column Added

$ immuta policy delete "Data Masking" --dryRun
{"dryRun":true,"deleting":"Data Masking"}

$ immuta policy delete "Data Masking"
{"dryRun":false,"deleting":"Data Masking"}

$ immuta policy list
New Column Added
```