Write Policies API Endpoint Reference Guide
The policies resource allows you to manage and apply policies to your data sources. The endpoints and examples provided in this guide are specific to creating global write policies.
Endpoints
Method | Endpoint |
Description |
---|---|---|
POST | /dataSource/{dataSourceId}/access |
Manually grants write access to a user |
POST | /policy/global |
Creates a global write access policy |
DELETE | /policy/global/{policyId} |
Deletes the specified global write access policy |
GET | /policy/global/{policyId} |
Gets the global policy with the given policy ID |
PUT | /policy/global/{policyId} |
Updates the specified global policy |
POST /dataSource/{dataSourceId}/access
Manually grants write access to a user.
curl -X 'POST' \
'https://www.organization.immuta.com/dataSource/6/access' \
-H 'accept: application/json' \
-H 'Content-Type: application/json' \
-H 'Authorization: 846e9e43c86a4ct1be14290d95127d13f' \
-d '{
"profileId": 3,
"state": "subscribed",
"accessGrant": "WRITE"
}'
Request parameter
Parameter | Description |
---|---|
dataSourceId integer |
The unique identifier of the data source. |
Body parameters
The request accepts a JSON or YAML payload. See the write access manual grant payload description for parameter details.
Response
The response returns the following JSON object. See the payload reference guide for details about the response schema.
{
"isSubscriptionOverride": true,
"id": 23,
"modelId": "6",
"modelType": "datasource",
"state": "subscribed",
"metadata": {},
"admin": 2,
"denialReasoning": null,
"profile": 3,
"group": null,
"policy": false,
"expiration": null,
"acknowledgeRequired": false,
"createdAt": "2023-10-11T14:43:00.726Z",
"updatedAt": "2023-10-11T14:43:00.726Z",
"accessGrant": "WRITE",
"approved": true
}
POST /policy/global
Creates a global policy.
The example below grants write access to users with the attribute has.write
and applies the global policy to all
data sources.
curl -X 'POST' \
'https://www.organization.immuta.com/policy/global' \
-H 'accept: application/json' \
-H 'Content-Type: application/json' \
-H 'Authorization: 846e9e43c86a4ct1be14290d95127d13f' \
-d '{
"type": "subscription",
"name": "Allow users with specific entitlements to have write access",
"actions": [{
"type": "subscription",
"subscriptionType": "policy",
"accessGrant": "WRITE",
"exceptions": {
"operator": "and",
"conditions": [{
"type": "authorizations",
"authorization": {
"auth": "has",
"value": "write"
}
}]
},
}],
"staged": false
}'
The example below grants users write access when they are individually selected by data owners and applies the
policy to data sources with columns tagged Discovered.Passport
.
curl -X 'POST' \
'https://www.organization.immuta.com/policy/global' \
-H 'accept: application/json' \
-H 'Content-Type: application/json' \
-H 'Authorization: 846e9e43c86a4ct1be14290d95127d13f' \
-d '{
"type": "subscription",
"name": "Data owners grant specific users write access",
"actions": [{
"type": "subscription",
"subscriptionType": "manual",
"accessGrant": "WRITE"
}],
"staged": false,
"circumstances": [{
"type": "columnTags",
"columnTag": {
"name": "Discovered.Passport",
"displayName": "Discovered . Passport",
"hasLeafNodes": false
}
}]
}'
Body parameters
The request accepts a JSON or YAML payload. See the global policy payload description for parameter details.
Response
The response returns the global policy configuration. See the payload reference guide for details about the response schema.
{
"policyKey": "Manual global write policy",
"name": "Manual global write policy",
"type": "subscription",
"template": true,
"staged": false,
"systemGenerated": false,
"deleted": false,
"certification": null,
"actions": [
{
"type": "subscription",
"accessGrant": "WRITE",
"description": null,
"allowDiscovery": false,
"subscriptionType": "manual",
"shareResponsibility": false,
"automaticSubscription": false
}
],
"circumstances": null,
"metadata": null,
"clonedFrom": null,
"createdBy": 2,
"id": 4,
"createdAt": "2023-10-10T13:18:37.270Z",
"updatedAt": "2023-10-10T13:18:37.270Z",
"createdByName": "Taylor",
"ownerRestrictions": null
}
{
"policyKey": "Manual global write policy",
"name": "Manual global write policy",
"type": "subscription",
"template": true,
"staged": false,
"systemGenerated": false,
"deleted": false,
"certification": null,
"actions": [
{
"type": "subscription",
"accessGrant": "WRITE",
"description": null,
"allowDiscovery": false,
"subscriptionType": "manual",
"shareResponsibility": false,
"automaticSubscription": false
}
],
"circumstances": [{
"type": "columnTags",
"columnTag": {
"name": "Discovered.Passport",
"displayName": "Discovered . Passport",
"hasLeafNodes": false
}
}],
"metadata": null,
"clonedFrom": null,
"createdBy": 2,
"id": 4,
"createdAt": "2023-10-10T13:18:37.270Z",
"updatedAt": "2023-10-10T13:18:37.270Z",
"createdByName": "Taylor",
"ownerRestrictions": null
}
DELETE /policy/global/{policyId}
Deletes the specified policy.
curl -X 'DELETE' \
'https://www.organization.immuta.com/policy/global/4' \
-H 'accept: application/json' \
-H 'Content-Type: application/json' \
-H 'Authorization: 846e9e43c86a4ct1be14290d95127d13f'
Request parameter
Parameter | Description |
---|---|
policyId integer |
The unique identifier of the policy. |
Response
The response returns the deleted global policy configuration. See the payload reference guide for details about the response schema.
GET /policy/global/{policyId}
Gets the specified policy.
curl -X 'GET' \
'https://www.organization.immuta.com/policy/global/4' \
-H 'accept: application/json' \
-H 'Content-Type: application/json' \
-H 'Authorization: 846e9e43c86a4ct1be14290d95127d13f'
Request parameter
Parameter | Description |
---|---|
policyId integer |
The unique identifier of the policy. |
Response
The response returns the global policy configuration. See the payload reference guide for details about the response schema.
PUT /policy/global/{policyId}
Updates the specified policy.
curl -X 'PUT' \
'https://www.organization.immuta.com/policy/global/4' \
-H 'accept: application/json' \
-H 'Content-Type: application/json' \
-H 'Authorization: 846e9e43c86a4ct1be14290d95127d13f' \
-d '{
"type": "subscription",
"name": "Manual global write policy",
"template": true,
"actions": [{
"type": "subscription",
"subscriptionType": "manual",
"description": "This updated policy only applies to data sources tagged Discovered.Passport.",
"accessGrant": "WRITE"
}],
"staged": false,
"circumstances": [{
"operator": "or",
"type": "columnTags",
"columnTag": {
"name": "Discovered.Passport",
"displayName": "Discovered . Passport",
"hasLeafNodes": false
}
}]
}'
Body parameters
The request accepts a JSON or YAML payload. See the global policy payload description for parameter details.
Response
The response returns the updated global policy configuration. See the payload reference guide for details about the response schema.