Import Policy
  • 20 Nov 2024

POST /api/1.0/policies/{envId}

Note: This version is going to be deprecated in June 2025.
See Import Policy V2 for the latest documentation.


This API is used to create new Policies, update existing Policies and promote Policies between Environments. Note that only valid Policies will be created successfully.

Notice

The Policy Management APIs are accessed through a dedicated domain/URL, according to your PlainID Tenant Location:
  • United States (US) - https://api.us1.plainid.io
  • Canada (CA) - https://api.ca1.plainid.io
  • Europe (EU) - https://api.eu1.plainid.io
  • Local PAA - https://api.plainid.local
Prerequisites

    The following objects need to be available in the target Environment to successfully import the code:

  • Identity Templates in the target Environment with relevant Identity Attributes defined in the Identity Workspace Settings screen.
  • Asset Templates in the target Environment with associated Asset Attributes and Actions defined in the Asset Type Settings screen.

    The following objects need to be available in the target Environment for Policies created to be considered in the access decision:

  • Asset Types used in the Policy should be connected to an Application defined in the Applications area of the Authorization Workspace.
  • The relevant Application should be connected to a Scope defined in the Environment settings.

    These connections can be defined before or after importing the Policy. Without these objects, the Policies can be successfully imported, but will not be considered as part of the Access decisions calculation.

    cURL Sample Guidelines

    In order for the relevant parameters to appear in the cURL sample, you can input the values in the interactive API console on the right. They will then appear in the cURL sample on the bottom of the page in the correct format.

    Security
    HTTP
    Type bearer

    For more details about Administration API Authentication, check out the Authentication APIs documentation. Provide your bearer token in the Authorization header when making requests to protected resources. Example: Authorization: Bearer 123

    Path parameters
    envId
    string Required

    The environment that the policy will be imported to.
    The Environment ID can be found under the Details tab in the Environment Settings.

    Body parameters
    Sample Import Policy - Valid
    {
      "policyCode": "# METADATA\n# custom:\n#   plainid:\n#     policyId: PaC1\n#     name: Manage consumers accounts in branch\n#     description: Tellers, Senior Tellers, Branch Managers can manage private consumer accounts in their own branch only during business hours\n#     accessType: Allow\npackage policy\nimport future.keywords\n\n# METADATA\n# custom:\n#   plainid:\n#     kind: DynamicGroup\n#     name: BranchManager\ndynamic_group(identity){\n\tidentity.template == \"User\"\n\tidentity[\"User_Type\"] == \"internal\"\n\tidentity[\"title\"] == \"branch manager\"\n}\n\n# METADATA\n# custom:\n#   plainid:\n#     kind: DynamicGroup\n#     name: SeniorTeller\ndynamic_group(identity){\n\tidentity.template == \"User\"\n\tidentity[\"title\"] == \"Senior Teller\"\n\tidentity[\"User_Type\"] == \"Internal\"\n}\n\n# METADATA\n# custom:\n#   plainid:\n#     kind: DynamicGroup\n#     name: Teller\ndynamic_group(identity){\n\tidentity.template == \"User\"\n\tidentity[\"User_Type\"] == \"Internal\"\n}\n\n# METADATA\n# custom:\n#   plainid:\n#     kind: Ruleset\n#     name: Private consumer bank accounts managed in the user branch\nruleset(asset, identity, requestParams){\n\tasset.template == \"Bank Accounts\"\n\tidentity.template == \"User\"\n\tasset[\"account_type\"] == \"private\"\n\tasset[\"account_branch\"] == identity[\"User_Branch\"]\n}\n\n# METADATA\n# custom:\n#   plainid:\n#     kind: Action\naction(asset){\n\tasset.template == \"Bank Accounts\"\n\tasset.action in [\"Manage\",\"View\"]\n}",
      "language": "rego",
      "authWsId": "57fd3c41-fada-41a9-b5ab-fad1133f1e63"
    }
    Sample Import Policy - With invalid `identity.template`
    {
      "policyCode": "# METADATA\n# custom:\n#   plainid:\n#     policyId: PaC1\n#     name: Manage consumers accounts in branch\n#     description: Tellers, Senior Tellers, Branch Managers can manage private consumer accounts in their own branch only during business hours\n#     accessType: Allow\npackage policy\nimport future.keywords\n\n# METADATA\n# custom:\n#   plainid:\n#     kind: DynamicGroup\n#     name: BranchManager\ndynamic_group(identity){\n\tidentity.template == \"User\"\n\tidentity[\"User_Type\"] == \"internal\"\n\tidentity[\"title\"] == \"branch manager\"\n}\n\n# METADATA\n# custom:\n#   plainid:\n#     kind: DynamicGroup\n#     name: SeniorTeller\ndynamic_group(identity){\n\tidentity.template == \"User\"\n\tidentity[\"title\"] == \"Senior Teller\"\n\tidentity[\"User_Type\"] == \"Internal\"\n}\n\n# METADATA\n# custom:\n#   plainid:\n#     kind: DynamicGroup\n#     name: Teller\ndynamic_group(identity){\n\tidentity.template == \"User\"\n\tidentity[\"User_Type\"] == \"Internal\"\n}\n\n# METADATA\n# custom:\n#   plainid:\n#     kind: Ruleset\n#     name: Private consumer bank accounts managed in the user branch\nruleset(asset, identity, requestParams){\n\tasset.template == \"Bank Accounts\"\n\tidentity.template == \"User\"\n\tasset[\"account_type\"] == \"private\"\n\tasset[\"account_branch\"] == identity[\"User_Branch\"]\n}\n\n# METADATA\n# custom:\n#   plainid:\n#     kind: Action\naction(asset){\n\tasset.template == \"Bank Accounts\"\n\tasset.action in [\"Manage\",\"View\"]\n}",
      "language": "rego",
      "authWsId": "57fd3c41-fada-41a9-b5ab-fad1133f1e63"
    }
    Sample Import Policy - With Multiple Errors
    {
      "policyCode": "# METADATA\n# custom:\n#   plainid:\n#     policyId: PaC1\n#     name: Manage consumers accounts in branch\n#     description: Tellers, Senior Tellers, Branch Managers can manage private consumer accounts in their own branch only during business hours\n#     accessType: Allow\npackage policy\nimport future.keywords\n\n# METADATA\n# custom:\n#   plainid:\n#     kind: DynamicGroup\n#     name: BranchManager\ndynamic_group(identity){\n\tidentity.template == \"Usr\"\n\tidentity[\"User_Type\"] == \"internal\"\n\tidentity[\"title\"] == \"branch manager\"\n}\n\n# METADATA\n# custom:\n#   plainid:\n#     kind: DynamicGroup\n#     name: SeniorTeller\ndynamic_group(identity){\n\tidentity.template == \"User\"\n\tidentity[\"title\"] == \"Senior Teller\"\n\tidentity[\"User_Type\"] == \"Internal\"\n}\n\n# METADATA\n# custom:\n#   plainid:\n#     kind: DynamicGroup\n#     name: Teller\ndynamic_group(identity){\n\tidentity.template == \"User\"\n\tidentity[\"User_Type\"] == \"Internal\"\n}\n\n# METADATA\n# custom:\n#   plainid:\n#     kind: Ruleset\n#     name: Private consumer bank accounts managed in the user branch\nruleset(asset, identity, requestParams){\n\tasset.template == \"Bank Acounts\"\n\tidentity.template == \"User\"\n\tasset[\"account_type\"] == \"private\"\n\tasset[\"account_branch\"] == identity[\"User_Branch\"]\n}\n\n# METADATA\n# custom:\n#   plainid:\n#     kind: Action\naction(asset){\n\tasset.template == \"Bank Acounts\"\n\tasset.action in [\"Manage\",\"View\"]\n}",
      "language": "rego",
      "authWsId": "57fd3c41-fada-41a9-b5ab-fad1133f1e63"
    }
    object
    policyCode
    string Required

    Structured Rego Policy

    Detailed instructions for structured Rego can be found here: https://docs.plainid.io/apidocs/structured-rego

    authWsId
    string Required

    Authorization Workspace ID. This can be found in your Authorization Workspace Settings under Workspace ID.

    language
    string Required

    The code language - rego

    Responses
    201

    Policy Created

    Headers
    x-request-id
    string
    Policy Created Successfully
    {
      "data": {
        "language": "rego",
        "policyCode": "# METADATA\n# custom:\n#   plainid:\n#     policyId: PaC1\n#     name: Manage consumers accounts in branch\n#     description: Tellers, Senior Tellers, Branch Managers can manage private consumer accounts in their own branch only during business hours\n#     accessType: Allow\npackage policy\nimport future.keywords\n\n# METADATA\n# custom:\n#   plainid:\n#     kind: DynamicGroup\n#     name: BranchManager\ndynamic_group(identity){\n\tidentity.template == \"User\"\n\tidentity[\"User_Type\"] == \"internal\"\n\tidentity[\"title\"] == \"branch manager\"\n}\n\n# METADATA\n# custom:\n#   plainid:\n#     kind: DynamicGroup\n#     name: SeniorTeller\ndynamic_group(identity){\n\tidentity.template == \"User\"\n\tidentity[\"title\"] == \"Senior Teller\"\n\tidentity[\"User_Type\"] == \"Internal\"\n}\n\n# METADATA\n# custom:\n#   plainid:\n#     kind: DynamicGroup\n#     name: Teller\ndynamic_group(identity){\n\tidentity.template == \"User\"\n\tidentity[\"User_Type\"] == \"Internal\"\n}\n\n# METADATA\n# custom:\n#   plainid:\n#     kind: Ruleset\n#     name: Private consumer bank accounts managed in the user branch\nruleset(asset, identity, requestParams){\n\tasset.template == \"Bank Accounts\"\n\tidentity.template == \"User\"\n\tasset[\"account_type\"] == \"private\"\n\tasset[\"account_branch\"] == identity[\"User_Branch\"]\n}\n\n# METADATA\n# custom:\n#   plainid:\n#     kind: Action\naction(asset){\n\tasset.template == \"Bank Accounts\"\n\tasset.action in [\"Manage\",\"View\"]\n}",
        "isPolicyCompleted": true
      }
    }
    object
      data  object
        language  string
        policyCode  string
        isPolicyCompleted  boolean
    400

    Policy Import Failed - Validation Errors

    Headers
    x-request-id
    string
    Validation error
    {
      "errors": [
        {
          "code": "PACV-001",
          "id": "EVR045",
          "name": "TemplateNotFound",
          "message": "Template ID [Usr] was not found in Environment ID [ed252aa5-9d0c-4193-8388-60bf20b13109]. Hint: Did you mean [User]?",
          "line": 39
        }
      ]
    }
    Multiple validation errors
    {
      "errors": [
        {
          "code": "PACV-001",
          "id": "EOEN7T",
          "name": "TemplateNotFound",
          "message": "Template ID [Usr] was not found in Environment ID [ed252aa5-9d0c-4193-8388-60bf20b13109]. Hint: Did you mean [User]?",
          "line": 39
        },
        {
          "code": "PACV-001",
          "id": "EJFMNJ",
          "name": "TemplateNotFound",
          "message": "Template ID [Bank Acounts] was not found in Environment ID [ed252aa5-9d0c-4193-8388-60bf20b13109]. Hint: Did you mean [Bank Accounts, Client Profiles, Credit Cards, Loans, Modules App customer, Modules App Internal]?",
          "line": 60
        },
        {
          "code": "PACV-004",
          "id": "E5KZRO",
          "name": "MissingRequiredActions",
          "message": "Action Rule was not defined for Asset Template [Bank Accounts]. Hint: Remove the Ruleset or add required Action Rule with one or more Actions [Manage, Suspend, View].",
          "line": -1
        }
      ]
    }
    Authorization Workspace not found
    {
      "errors": [
        {
          "code": "PAC-001",
          "args": {
            "0": "57fd3c41-fada-41a9-b5ab-fad1133f1e63"
          },
          "id": "EBLBJH",
          "status": 400,
          "name": "AuthorizationWsNotFound",
          "message": "AuthorizationWs: [57fd3c41-fada-41a9-b5ab-fad1133f1e63] not found"
        }
      ]
    }
    object
      errors  Array of object
        code  string
        name  string
        line  integer
        message  string
    401

    Unauthorized

    Headers
    x-request-id
    string
    422

    Validation Failed - Invalid UUID

    Headers
    x-request-id
    string
    Invalid ID Format
    {
      "errors": [
        {
          "code": "V-032",
          "args": {
            "0": "ed252aa5-9d0c-4193-838-60bf20b13109",
            "1": "uuid"
          },
          "id": "EEJQMA",
          "status": 422,
          "name": "UnprocessableEntityError",
          "message": "$: ed252aa5-9d0c-4193-838-60bf20b13109 is an invalid uuid"
        }
      ]
    }
    object
      errors  Array of object
        code  string
        args  object
          0  string
          1  string
        id  string
        status  integer
        name  string
        message  string
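
An added example (not PlainID's own code) of a client-side wrapper for this endpoint: it rejects a malformed envId before anything is sent, which is the case the 422 sample above reports, and maps each entry of a 400 errors array back to the policy line it names. Assumptions: authWsId is also a UUID, `line` is a 1-based index into policyCode, and the function names, sample policy and sample response are constructed for illustration.

```python
import json
import urllib.request
import uuid

BASE_URL = "https://api.us1.plainid.io"  # US tenant URL listed on this page

# Constructed sample data: a shortened policy and a 400 body in the documented shape.
SAMPLE_POLICY = 'package policy\ndynamic_group(identity){\n\tidentity.template == "Usr"\n}'
SAMPLE_400 = json.dumps({"errors": [
    {"code": "PACV-001", "name": "TemplateNotFound", "message": "constructed", "line": 3},
    {"code": "PACV-004", "name": "MissingRequiredActions", "message": "constructed", "line": -1},
]})


def _is_canonical_uuid(value):
    try:
        return str(uuid.UUID(value)) == value.lower()
    except (ValueError, AttributeError, TypeError):
        return False


def build_import_request(env_id, auth_ws_id, policy_code, token):
    """Build, without sending, the POST /api/1.0/policies/{envId} request."""
    # envId must be a UUID (see the 422 sample); authWsId as UUID is an assumption.
    for label, value in (("envId", env_id), ("authWsId", auth_ws_id)):
        if not _is_canonical_uuid(value):
            raise ValueError(f"{label} is not a valid UUID: {value!r}")
    body = {"policyCode": policy_code, "language": "rego", "authWsId": auth_ws_id}
    return urllib.request.Request(
        f"{BASE_URL}/api/1.0/policies/{env_id}",
        data=json.dumps(body).encode("utf-8"),
        method="POST",
        headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"},
    )


def explain_errors(response_body, policy_code):
    """Return (code, name, line, source) for each entry of a 400 errors array."""
    lines = policy_code.split("\n")
    findings = []
    for err in json.loads(response_body).get("errors", []):
        n = err.get("line", -1)  # assumed 1-based; -1 as in the MissingRequiredActions sample
        source = lines[n - 1].strip() if 1 <= n <= len(lines) else None
        findings.append((err.get("code"), err.get("name"), n, source))
    return findings


if __name__ == "__main__":
    for finding in explain_errors(SAMPLE_400, SAMPLE_POLICY):
        print(finding)
```

In a promotion pipeline, a non-empty result from `explain_errors` is the signal to fail the job and surface the offending policy lines in review.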
