Policies control user rights by defining one or more rules to apply to the attached principals (users, groups or applications). A policy rule has two parts: a permission set and a scope.
For each policy rule, you specify one or more permission sets (e.g. “list all Instances”) and their scope (e.g. “on Project A only”). This defines the actions that the principals can carry out on resources within the scope.
List policies of an Organization
List the policies of an Organization. By default, the policies listed are ordered by creation date in ascending order. This can be modified via the order_by field. You must define the organization_id in the query path of your request. You can also define additional parameters to filter your query, such as user_ids, group_ids, application_ids, and policy_name.
query Parameters
order_by: Criteria for sorting results.
page_size: Number of results per page. Value must be between 1 and 100.
page: Page number. Value must be greater than 1.
organization_id: ID of the Organization to filter.
editable: Defines whether or not to filter out editable policies.
user_ids: Defines whether or not to filter by list of user IDs.
group_ids: Defines whether or not to filter by list of group IDs.
application_ids: Filter by a list of application IDs.
no_principal: Defines whether or not the policy is attributed to a principal.
policy_name: Name of the policy to fetch.
tag: Filter by tags containing a given string.
policy_ids: Filter by a list of IDs.
List policies of an Organization › Responses
List of policies.
total_count: Total count of policies.
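An access-review pass over the policy objects this endpoint returns, as an added example that is not part of the original API reference. The sample records are constructed, and both the reading of no_principal = true as "unattached" and the 365-day staleness threshold are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample records using the documented response fields.
SAMPLE_POLICIES = [
    {"id": "pol-1", "name": "ops-admin", "updated_at": "2022-01-10T08:00:00Z",
     "user_id": None, "group_id": "grp-ops", "application_id": None,
     "no_principal": False},
    {"id": "pol-2", "name": "ci-deploy", "updated_at": "2024-05-01T12:00:00Z",
     "user_id": None, "group_id": None, "application_id": "app-ci",
     "no_principal": False},
    {"id": "pol-3", "name": "old-draft", "updated_at": "2021-03-02T09:30:00Z",
     "user_id": None, "group_id": None, "application_id": None,
     "no_principal": True},
    {"id": "pol-4", "name": "ops-billing", "updated_at": "2024-02-15T10:00:00Z",
     "user_id": None, "group_id": "grp-ops", "application_id": None,
     "no_principal": False},
]

def principal_of(policy):
    """Return (kind, id) for the attached principal, or None if unattached."""
    for kind in ("user", "group", "application"):
        pid = policy.get(f"{kind}_id")
        if pid:
            return kind, pid
    return None

def parse_rfc3339(ts):
    # fromisoformat() only accepts a trailing "Z" from Python 3.11 onwards.
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))

def review(policies, now, stale_days=365):
    """Group policies per principal and flag unattached or long-untouched ones."""
    by_principal = defaultdict(list)
    unattached, stale = [], []
    for p in policies:
        who = principal_of(p)
        if who is None or p.get("no_principal"):  # assumption: true = unattached
            unattached.append(p["name"])
        else:
            by_principal[who].append(p["name"])
        if (now - parse_rfc3339(p["updated_at"])).days > stale_days:
            stale.append(p["name"])
    # Principals holding several policies accumulate rights across all of them.
    stacked = {k: v for k, v in by_principal.items() if len(v) > 1}
    return {"unattached": unattached, "stale": stale, "stacked": stacked}

if __name__ == "__main__":
    print(review(SAMPLE_POLICIES, datetime(2024, 6, 1, tzinfo=timezone.utc)))
```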
Create a new policy
Create a new policy. You must define the name parameter in the request. You can specify parameters such as user_id, group_id, application_id, no_principal, rules and its child attributes.
Create a new policy › Request Body
name: Name of the policy to create (max length is 64 characters).
description: Description of the policy to create (max length is 200 characters).
organization_id: ID of the Organization.
rules: Rules of the policy to create.
tags: Tags associated with the policy (maximum of 10 tags).
user_id: ID of user attributed to the policy.
group_id: ID of group attributed to the policy.
application_id: ID of application attributed to the policy.
no_principal: Defines whether or not a policy is attributed to a principal.
Create a new policy › Responses
id: Id of the policy.
name: Name of the policy.
description: Description of the policy.
organization_id: Organization ID of the policy.
created_at: Date and time of policy creation. (RFC 3339 format)
updated_at: Date and time of last policy update. (RFC 3339 format)
editable: Defines whether or not a policy is editable.
deletable: Defines whether or not a policy is deletable.
managed: Defines whether or not a policy is managed.
nb_rules: Number of rules of the policy.
nb_scopes: Number of policy scopes.
nb_permission_sets: Number of permission sets of the policy.
tags: Tags associated with the policy.
user_id: ID of the user attributed to the policy.
group_id: ID of the group attributed to the policy.
application_id: ID of the application attributed to the policy.
no_principal: Defines whether or not a policy is attributed to a principal.
Get an existing policy
Retrieve information about a policy, specified by the policy_id parameter. The policy's full details, including id, name, organization_id, nb_rules, nb_scopes and nb_permission_sets, are returned in the response.
path Parameters
policy_id: Id of policy to search.
Get an existing policy › Responses
id: Id of the policy.
name: Name of the policy.
description: Description of the policy.
organization_id: Organization ID of the policy.
created_at: Date and time of policy creation. (RFC 3339 format)
updated_at: Date and time of last policy update. (RFC 3339 format)
editable: Defines whether or not a policy is editable.
deletable: Defines whether or not a policy is deletable.
managed: Defines whether or not a policy is managed.
nb_rules: Number of rules of the policy.
nb_scopes: Number of policy scopes.
nb_permission_sets: Number of permission sets of the policy.
tags: Tags associated with the policy.
user_id: ID of the user attributed to the policy.
group_id: ID of the group attributed to the policy.
application_id: ID of the application attributed to the policy.
no_principal: Defines whether or not a policy is attributed to a principal.
Delete a policy
Delete a policy. You must specify the policy_id parameter in your request. Note that when deleting a policy, all permissions it gives to its principal (user, group or application) will be revoked.
path Parameters
policy_id: Id of policy to delete.
Delete a policy › Responses
Update an existing policy
Update the parameters of a policy, including name, description, user_id, group_id, application_id and no_principal.
path Parameters
policy_id: Id of policy to update.
Update an existing policy › Request Body
name: New name for the policy (max length is 64 characters).
description: New description of policy (max length is 200 characters).
tags: New tags for the policy (maximum of 10 tags).
user_id: New ID of user attributed to the policy.
group_id: New ID of group attributed to the policy.
application_id: New ID of application attributed to the policy.
no_principal: Defines whether or not the policy is attributed to a principal.
Update an existing policy › Responses
id: Id of the policy.
name: Name of the policy.
description: Description of the policy.
organization_id: Organization ID of the policy.
created_at: Date and time of policy creation. (RFC 3339 format)
updated_at: Date and time of last policy update. (RFC 3339 format)
editable: Defines whether or not a policy is editable.
deletable: Defines whether or not a policy is deletable.
managed: Defines whether or not a policy is managed.
nb_rules: Number of rules of the policy.
nb_scopes: Number of policy scopes.
nb_permission_sets: Number of permission sets of the policy.
tags: Tags associated with the policy.
user_id: ID of the user attributed to the policy.
group_id: ID of the group attributed to the policy.
application_id: ID of the application attributed to the policy.
no_principal: Defines whether or not a policy is attributed to a principal.
Clone a policy
Clone a policy. You must specify the policy_id parameter in your request.
path Parameters
policy_id
Clone a policy › Responses
id: Id of the policy.
name: Name of the policy.
description: Description of the policy.
organization_id: Organization ID of the policy.
created_at: Date and time of policy creation. (RFC 3339 format)
updated_at: Date and time of last policy update. (RFC 3339 format)
editable: Defines whether or not a policy is editable.
deletable: Defines whether or not a policy is deletable.
managed: Defines whether or not a policy is managed.
nb_rules: Number of rules of the policy.
nb_scopes: Number of policy scopes.
nb_permission_sets: Number of permission sets of the policy.
tags: Tags associated with the policy.
user_id: ID of the user attributed to the policy.
group_id: ID of the group attributed to the policy.
application_id: ID of the application attributed to the policy.
no_principal: Defines whether or not a policy is attributed to a principal.