Skip to main content

Updates a custom policy

PUT 
https://apis.<domain>/iam/policies/:id

This operation overwrites all fields excepting ID, including those omitted from the request, so be sure to specify all properties. Properties that you do not include are reset to empty values. The only exception is the policy ID, which is immutable; it can only be set at creation time.

While you can use this endpoint to update members on a policy, if that is the only property you wish to modify use one of these endpoints instead: Add policy members, Remove policy members, or Replace policy members.

Authorization Action:

iam:policies:update

Request

Path Parameters

    id stringrequired

    Unique ID. Cannot be changed.

Body

required
    members string[]

    Members affected by this policy.

    statements object[]required

    Statements for the policy.

  • Array [
    • effect compiuta.api.iam.v2.Statement.Effect

    Possible values: [ALLOW, DENY]

    Default value: ALLOW

    actions string[]

    Actions defined inline. May be empty. Best practices recommend that you use custom roles rather than inline actions where practical.

    role string

    The role defines a set of actions that the statement is scoped to.

    resources string[]

    Resources defined inline.

    tenants string[]

    The tenant list defines the set of resources that the statement is scoped to. May be empty.

  • ]
    • name stringrequired

    Name for this policy.

    tenants string[]

    List of tenants this policy belongs to.

Responses

A successful response.

Schema
    policy object
    name string

    Name for the policy.

    id string

    Unique ID. Cannot be changed.

    type compiuta.api.iam.v2.Type

    Possible values: [COMPIUTA_MANAGED, CUSTOM]

    Default value: COMPIUTA_MANAGED

    members string[]

    Members affected by this policy. May be empty.

    statements object[]

    Statements for the policy. Will contain one or more.

  • Array [
    • effect compiuta.api.iam.v2.Statement.Effect

    Possible values: [ALLOW, DENY]

    Default value: ALLOW

    actions string[]

    Actions defined inline. May be empty. Best practices recommend that you use custom roles rather than inline actions where practical.

    role string

    The role defines a set of actions that the statement is scoped to.

    resources string[]

    Resources defined inline.

    tenants string[]

    The tenant list defines the set of resources that the statement is scoped to. May be empty.

  • ]
    • tenants string[]

    List of tenants this policy belongs to. May be empty.

curl -L -X PUT 'https://apis.<domain>/iam/policies/:id' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
--data-raw '{
  "name": "My Updated Viewer Policy",
  "members": [
    "user:local:newuser",
    "team:local:newteam"
  ],
  "statements": [
    {
      "role": "viewer",
      "tenants": [
        "tenant1",
        "tenant2"
      ],
      "effect": "ALLOW"
    },
    {
      "role": "myRole",
      "tenants": [
        "exampleTenant"
      ],
      "effect": "ALLOW"
    }
  ],
  "tenants": []
}'
Request Collapse all
Base URL
https://apis.<domain>
Parameters
— pathrequired
Body required
{

  "name": "My Updated Viewer Policy",

  "members": [

    "user:local:newuser",

    "team:local:newteam"

  ],

  "statements": [

    {

      "role": "viewer",

      "tenants": [

        "tenant1",

        "tenant2"

      ],

      "effect": "ALLOW"

    },

    {

      "role": "myRole",

      "tenants": [

        "exampleTenant"

      ],

      "effect": "ALLOW"

    }

  ],

  "tenants": []

}