Write policies API endpoint reference guide
The policies resource allows you to manage and apply policies to your data sources. The endpoints and examples provided in this guide are specific to creating global write policies.
POST
/dataSource/{dataSourceId}/access
Manually grants write access to a user.
The request accepts a JSON or YAML payload. See the write access manual grant payload description for parameter details.
The response returns the following JSON object. See the payload reference guide for details about the response schema.
POST
/policy/global
Creates a global policy.
The example below grants write access to users with the attribute has.write
and applies the global policy to all data sources.
The example below grants users write access when they are individually selected by data owners and applies the policy to data sources with columns tagged Discovered.Person Name
.
The request accepts a JSON or YAML payload. See the global policy payload description for parameter details.
The response returns the global policy configuration. See the payload reference guide for details about the response schema.
DELETE
/policy/global/{policyId}
Deletes the specified policy.
The response returns the deleted global policy configuration. See the payload reference guide for details about the response schema.
GET
/policy/global/{policyId}
Gets the specified policy.
The response returns the global policy configuration. See the payload reference guide for details about the response schema.
PUT
/policy/global/{policyId}
Updates the specified policy.
The request accepts a JSON or YAML payload. See the global policy payload description for parameter details.
The response returns the updated global policy configuration. See the payload reference guide for details about the response schema.
The parameters for manually granting write access to a data source without using a policy are outlined in the table below.
The parameters for creating a global write policy are outlined in the table below.
The actions array specifies the policy access type and restriction level. Its child parameters are outlined in the table below.
The circumstances object specifies the conditions under which the policy applies to a data source. Its child parameters are outlined in the table below.
Method | Endpoint | Description |
---|---|---|
Parameter | Description |
---|---|
Parameter | Description |
---|---|
Parameter | Description |
---|---|
Parameter | Description | Required or optional | Default values | Accepted values |
---|
Parameter | Description | Required or optional | Default values | Accepted values |
---|
Parameter | Description | Required or optional | Default values | Accepted values |
---|
Parameter | Description | Required or optional | Default values | Accepted values |
---|
Parameter | Description |
---|
Parameter | Description |
---|
POST
Manually grants write access to a user
POST
Creates a global write access policy
DELETE
Deletes the specified global write access policy
GET
Gets the global policy with the given policy ID
PUT
Updates the specified global policy
dataSourceId integer
The unique identifier of the data source.
policyId integer
The unique identifier of the policy.
policyId integer
The unique identifier of the policy.
profileId | The unique identifier of the user to whom you are granting write access. | Required | - | - |
state | The user's role on the data source. | Required | - |
|
accessGrant | The type of access to grant the user. | Required | - |
|
type | The type of policy. For write access policies, the type is | Required | - |
|
accessGrant | The type of access the user is granted. | Required | - |
|
description | The description of the policy. | Optional |
| - |
subscriptionType | The restriction level of the subscription policy. | Required | - |
|
operator | Specifies how to combine the conditions of the policy. | Required | - |
|
type | The type of condition under which to apply the policy. | Required | - |
|
columnRegex | This object indicates that the policy should apply to data sources with column names that match the regular expression. Its child parameters are outlined below. | Required when type is | - | - |
columnRegex.regex | A regular expression that matches names of columns. | Required when type is | - | - |
columnRegex.caseInsensitive | When | Optional |
|
|
columnTag | This object specifies the column tags required for the policy to apply to the data source. Child parameters are outlined below. | Required if type is | - | - |
columnTag.name | The name of the tag. | Required if type is | - | - |
columnTag.displayName | The display name of the tag. | Optional | - | - |
columnTag.hasLeafNodes | When | Optional | - | - |
server | The server that contains the data sources the policy should be applied to. | Required when type is | - | - |
startDate | Applies the policy to data sources created on or after this startDate and before the endDate (if the endDate is specified). | Required when type is | - | - |
endDate | Applies the policy to data sources created on or before this endDate and after the startDate. | Optional |
| - |
isSubscriptionOverride | When |
id | The unique identifier of the user's subscription to the data source. |
modelId | The unique identifier of the data source. |
modelType | The type of model the subscription policy applies to. For write policies, modelType is |
state | The type of role the user has, such as |
admin | The unique identifier of the user who granted write access to the data source subscriber. |
denialReasoning | If the user was denied access to the data source, this field contains the reason entered by the owner who denied access. |
profile | The unique identifier of the user who has been granted write access. |
group | The name of the group that has been granted write access, when applicable. |
policy | When |
expiration | The date the user's access expires. |
acknowledgeRequired | When |
createdAt | The date and time the user's access to the data source was granted. |
updatedAt | The date and time the user's access to the data source was updated. |
accessGrant | The type of access the user has to the data source: |
approved | When |
type | The type of policy to create. | Required | - |
|
name | The name of the policy. | Required | - | - |
template | Specifies whether or not the policy should be available as a template. | Optional |
|
|
Required | - |
staged | When | Required | - |
|
Optional | By default, the policy applies to all data sources. | - |
policyKey | The unique name of the policy. |
createdBy | The unique identifier of the user who created the policy. |
createdByName | The username of the user who created the policy. |
createdAt | The date the policy was created. |
clonedFrom | The unique identifier of the policy that the new policy was cloned from. |
systemGenerated | Indicates whether or not the policy is system-generated. |
deleted | When |
id | The unique identifier of the policy. |
type | The type of policy. For write access policies, the type is |
name | The name of the policy. |
template | Specifies whether or not the policy is available as a template. |
certification | The certification object only applies to data policies, not write access policies. |
actions | Specifies the policy access type and restriction level. |
actions.type | The type of policy. For write access policies, the type is |
actions.accessGrant | The type of access the user is granted. For write access policies, actions.accessGrant is |
actions.description | The description of the policy. |
actions.allowDiscovery | When |
actions.subscriptionType | The restriction level of the subscription policy. |
actions.shareResponsibility | When |
actions.automaticSubscription | When |
staged | When |
circumstances |
Specifies the policy access type and restriction level. See the for details.
This object specifies the conditions under which the policy applies to a data source. Set the value to null
to enforce the policy only when it is applied by data owners. Do not include this object in your payload to apply the policy to all data sources. See the for additional parameters and details.
Specifies the conditions under which the policy applies to a data source. See the for child parameters.