
Creates a custom policy

POST https://apis.<domain>/iam/policies

Creates a custom IAM policy used to control permissions. A policy is composed of one or more statements that grant permissions to a set of members. Each statement contains a role as well as a list of tenants.

The role defines a set of actions that the statement is scoped to. The tenant list defines the set of resources that the statement is scoped to. Pass "tenants": ["*"] to scope a statement to every tenant.

A policy's top-level tenants list defines which tenants the policy belongs to (for filtering policies by their tenants), whereas the statement-level tenants list defines which tenants the statement applies to.

The request example below creates a new policy that is not associated with any tenant (because the top-level tenants property is empty). It grants the viewer role on a few tenants to all local teams, and a custom role myRole on a single tenant.

Authorization Action:

iam:policies:create

Request

Body (required)

Does not contain type, as the end user can only create 'custom' policies.

    id (string, required)
        Unique ID. Cannot be changed.

    name (string, required)
        Name for the policy.

    members (string[])
        Members affected by this policy.

    statements (object[], required)
        Statements for the policy. Each element:

        effect (compiuta.api.iam.v2.Statement.Effect, string)
            Possible values: [ALLOW, DENY]
            Default value: ALLOW

        actions (string[])
            Actions defined inline. May be empty. Best practices recommend that you use custom roles rather than inline actions where practical.

        role (string)
            The role defines a set of actions that the statement is scoped to.

        resources (string[])
            Resources defined inline.

        tenants (string[])
            The tenant list defines the set of resources that the statement is scoped to. May be empty.

    tenants (string[])
        List of tenants this policy belongs to.
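The following Python is an added example and is not code from this API reference or its vendor. It assembles the request body documented above, checks it against the documented schema (required fields, no type field, at least one statement, effect limited to ALLOW or DENY), flags scope that a reviewer would want to look at (statements scoped to every tenant with "*", wildcard members, inline actions instead of a custom role), and reports which tenants each role is granted on. The function names validate_policy, lint_policy, allowed_tenants and request_body are my own; the sample body is the page's own example. DENY precedence is not described on this page, so the scope helper only evaluates ALLOW statements.

```python
"""Added example, not part of the API reference: build, validate and lint a
custom-policy request body for POST https://apis.<domain>/iam/policies using
only the fields this page documents. Helper names are assumptions of mine."""
import json

VALID_EFFECTS = {"ALLOW", "DENY"}
REQUIRED_FIELDS = ("id", "name", "statements")

# Constructed sample: the page's own example body.
EXAMPLE_POLICY = {
    "name": "My Viewer Policy",
    "id": "custom-viewer-policy",
    "members": ["team:local:*"],
    "statements": [
        {"role": "viewer", "tenants": ["tenant1", "tenant2"], "effect": "ALLOW"},
        {"role": "myRole", "tenants": ["exampleTenant"], "effect": "ALLOW"},
    ],
    "tenants": [],
}


def validate_policy(policy):
    """Return schema problems as a list of strings; [] means the body matches
    the documented request schema."""
    errors = []
    for field in REQUIRED_FIELDS:
        if field not in policy:
            errors.append(f"missing required field '{field}'")
    if "type" in policy:
        # The request schema has no 'type': end users can only create custom policies.
        errors.append("'type' is not accepted; only custom policies can be created")
    statements = policy.get("statements") or []
    if "statements" in policy and not statements:
        errors.append("'statements' must contain at least one statement")
    for i, st in enumerate(statements):
        effect = st.get("effect", "ALLOW")  # documented default
        if effect not in VALID_EFFECTS:
            errors.append(f"statement {i}: effect {effect!r} not in {sorted(VALID_EFFECTS)}")
        if not st.get("role") and not st.get("actions"):
            errors.append(f"statement {i}: has neither a role nor inline actions")
    return errors


def lint_policy(policy):
    """Review warnings for scope that is broader than it may need to be."""
    warnings = []
    for i, st in enumerate(policy.get("statements", [])):
        if "*" in st.get("tenants", []):
            warnings.append(f"statement {i}: applies to every tenant ('*')")
        if st.get("actions"):
            # The page recommends custom roles over inline actions.
            warnings.append(f"statement {i}: inline actions; prefer a custom role")
    for m in policy.get("members", []):
        if m.endswith("*"):
            warnings.append(f"member {m!r} is a wildcard")
    return warnings


def allowed_tenants(policy, role):
    """Tenants on which ALLOW statements grant `role`; {'*'} when any such
    statement is scoped to every tenant. DENY precedence is not documented on
    this page, so DENY statements are deliberately not evaluated here."""
    tenants = set()
    for st in policy.get("statements", []):
        if st.get("role") != role or st.get("effect", "ALLOW") != "ALLOW":
            continue
        if "*" in st.get("tenants", []):
            return {"*"}
        tenants.update(st.get("tenants", []))
    return tenants


def request_body(policy):
    """Serialize a validated policy for the POST; raises ValueError otherwise."""
    errors = validate_policy(policy)
    if errors:
        raise ValueError("; ".join(errors))
    return json.dumps(policy, separators=(",", ":"))


if __name__ == "__main__":
    print(request_body(EXAMPLE_POLICY))
    print(lint_policy(EXAMPLE_POLICY))
    print(sorted(allowed_tenants(EXAMPLE_POLICY, "viewer")))
```

Running the module prints the compact body that the C# snippet below sends, one warning for the wildcard member team:local:*, and the two tenants the viewer role is scoped to. Running lint_policy over a policy before it is submitted is a cheap way to catch a statement that was scoped to every tenant by mistake.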

Responses

A successful response.

Schema

    policy (object)

        name (string)
            Name for the policy.

        id (string)
            Unique ID. Cannot be changed.

        type (compiuta.api.iam.v2.Type, string)
            Possible values: [COMPIUTA_MANAGED, CUSTOM]
            Default value: COMPIUTA_MANAGED

        members (string[])
            Members affected by this policy. May be empty.

        statements (object[])
            Statements for the policy. Will contain one or more. Each element:

            effect (compiuta.api.iam.v2.Statement.Effect, string)
                Possible values: [ALLOW, DENY]
                Default value: ALLOW

            actions (string[])
                Actions defined inline. May be empty. Best practices recommend that you use custom roles rather than inline actions where practical.

            role (string)
                The role defines a set of actions that the statement is scoped to.

            resources (string[])
                Resources defined inline.

            tenants (string[])
                The tenant list defines the set of resources that the statement is scoped to. May be empty.

        tenants (string[])
            List of tenants this policy belongs to. May be empty.

using System;
using System.Net.Http;
using System.Threading.Tasks;

// C# (top-level statements): POST the example policy to the IAM policies endpoint.
// The caller must hold the iam:policies:create action; the authentication header
// this API expects is not shown on this page and must be added to the request.
var client = new HttpClient();
var request = new HttpRequestMessage(HttpMethod.Post, "https://apis.<domain>/iam/policies");
request.Headers.Add("Accept", "application/json");
// Request body: the custom policy 'custom-viewer-policy' (same JSON as the example below).
var content = new StringContent("{\n \"name\": \"My Viewer Policy\",\n \"id\": \"custom-viewer-policy\",\n \"members\": [\n \"team:local:*\"\n ],\n \"statements\": [\n {\n \"role\": \"viewer\",\n \"tenants\": [\n \"tenant1\",\n \"tenant2\"\n ],\n \"effect\": \"ALLOW\"\n },\n {\n \"role\": \"myRole\",\n \"tenants\": [\n \"exampleTenant\"\n ],\n \"effect\": \"ALLOW\"\n }\n ],\n \"tenants\": []\n}", null, "application/json");
request.Content = content;
var response = await client.SendAsync(request);
response.EnsureSuccessStatusCode();  // throws on a non-2xx status
Console.WriteLine(await response.Content.ReadAsStringAsync());
Example request

Base URL: https://apis.<domain>

Body (required):
{
  "name": "My Viewer Policy",
  "id": "custom-viewer-policy",
  "members": [
    "team:local:*"
  ],
  "statements": [
    {
      "role": "viewer",
      "tenants": [
        "tenant1",
        "tenant2"
      ],
      "effect": "ALLOW"
    },
    {
      "role": "myRole",
      "tenants": [
        "exampleTenant"
      ],
      "effect": "ALLOW"
    }
  ],
  "tenants": []
}