Skip to main content

Updates a custom policy

PUT 
https://apis.<domain>/iam/policies/:id

This operation overwrites all fields excepting ID, including those omitted from the request, so be sure to specify all properties. Properties that you do not include are reset to empty values. The only exception is the policy ID, which is immutable; it can only be set at creation time.

While you can use this endpoint to update members on a policy, if that is the only property you wish to modify use one of these endpoints instead: Add policy members, Remove policy members, or Replace policy members.

Authorization Action:

iam:policies:update

Request

Path Parameters

    id stringrequired

    Unique ID. Cannot be changed.

Bodyrequired

    membersstring[]

    Members affected by this policy.

    statements object[]required

    Statements for the policy.

  • Array [
    • effectcompiuta.api.iam.v2.Statement.Effect (string)

    Possible values: [ALLOW, DENY]

    Default value: ALLOW
    actionsstring[]

    Actions defined inline. May be empty. Best practices recommend that you use custom roles rather than inline actions where practical.

    rolestring

    The role defines a set of actions that the statement is scoped to.

    resourcesstring[]

    Resources defined inline.

    tenantsstring[]

    The tenant list defines the set of resources that the statement is scoped to. May be empty.

  • ]
    • namestringrequired

    Name for this policy.

    tenantsstring[]

    List of tenants this policy belongs to.

Responses

A successful response.

Schema
    policy object
    namestring

    Name for the policy.

    idstring

    Unique ID. Cannot be changed.

    typecompiuta.api.iam.v2.Type (string)

    Possible values: [COMPIUTA_MANAGED, CUSTOM]

    Default value: COMPIUTA_MANAGED
    membersstring[]

    Members affected by this policy. May be empty.

    statements object[]

    Statements for the policy. Will contain one or more.

  • Array [
    • effectcompiuta.api.iam.v2.Statement.Effect (string)

    Possible values: [ALLOW, DENY]

    Default value: ALLOW
    actionsstring[]

    Actions defined inline. May be empty. Best practices recommend that you use custom roles rather than inline actions where practical.

    rolestring

    The role defines a set of actions that the statement is scoped to.

    resourcesstring[]

    Resources defined inline.

    tenantsstring[]

    The tenant list defines the set of resources that the statement is scoped to. May be empty.

  • ]
    • tenantsstring[]

    List of tenants this policy belongs to. May be empty.

var client = new HttpClient();
var request = new HttpRequestMessage(HttpMethod.Put, "https://apis.<domain>/iam/policies/:id");
request.Headers.Add("Accept", "application/json");
var content = new StringContent("{\n  \"name\": \"My Updated Viewer Policy\",\n  \"members\": [\n    \"user:local:newuser\",\n    \"team:local:newteam\"\n  ],\n  \"statements\": [\n    {\n      \"role\": \"viewer\",\n      \"tenants\": [\n        \"tenant1\",\n        \"tenant2\"\n      ],\n      \"effect\": \"ALLOW\"\n    },\n    {\n      \"role\": \"myRole\",\n      \"tenants\": [\n        \"exampleTenant\"\n      ],\n      \"effect\": \"ALLOW\"\n    }\n  ],\n  \"tenants\": []\n}", null, "application/json");
request.Content = content;
var response = await client.SendAsync(request);
response.EnsureSuccessStatusCode();
Console.WriteLine(await response.Content.ReadAsStringAsync());
Request Collapse all
Base URL
https://apis.<domain>
Parameters
— pathrequired
Body required
{
  "name": "My Updated Viewer Policy",
  "members": [
    "user:local:newuser",
    "team:local:newteam"
  ],
  "statements": [
    {
      "role": "viewer",
      "tenants": [
        "tenant1",
        "tenant2"
      ],
      "effect": "ALLOW"
    },
    {
      "role": "myRole",
      "tenants": [
        "exampleTenant"
      ],
      "effect": "ALLOW"
    }
  ],
  "tenants": []
}