Policies
Entity - Policies
Minimum API version 4.0
Note for API version 8.0
As of API version 8.0, all the APIs that refer to the Policy Assignments "hide" from the caller any Management Groups on which the caller does not have any Role assignment. This is intended for delegation of administration where the user is supposed to only manage a subset of endpoints, which are specified by means of Management Groups. The delegated administrator should only be able to see information related to his or her Management Groups, and not anything else in the organization. This is done transparently by the APIs unless otherwise noted, i.e., the API is called in the normal way as in previous versions, but the returned results are the ones that you would get if the only existing Management Groups were those on which you have any Role assignment. In other words, trying to access a specific information about Policy assignments on which you have no rights on an assigned Management Group will return an error, and retrieving information about the Policy assignments will return only the assigned Management Groups that are accessible to the calling user.
Verb | Request | Notes | Permissions required |
|---|---|---|---|
GET | /Consumer/Policies/{id} | Returns a single policy by its Id | Requires 'Read' permission on 'GuaranteedState' securable type |
GET | /Consumer/Policies/Pending/Changes | Returns information on whether policies have pending changes | Requires 'Execute' permission on 'PolicyDeployment' securable type |
GET | /Consumer/Policies | Returns all policies | Requires 'Read' permission on 'GuaranteedState' securable type |
POST | /Consumer/Policies/Search | Returns Policies that match the search parameters specified Allowed filter columns:
Allowed sort columns:
| Requires 'Read' permission on 'GuaranteedState' securable type |
POST | /Consumer/Policies/ShallowSearch | Returns Policies that match the search parameters specified. This endpoint returns Ids of rules instead of entire objects and Management Group names instead of entire objects. Allowed filter columns:
Allowed sort columns:
| Requires 'Read' permission on 'GuaranteedState' securable type |
POST | /Consumer/Policies | Creates a new policy | Requires 'Write' permission on 'GuaranteedState' securable type |
POST | /Consumer/Policies/{id}/Rules | Adds given Rules to a specific policy and returns updated policy. Rule Ids should be passed in as an array of integers in the body of the request. | Requires 'Write' permission on 'GuaranteedState' securable type |
DELETE | /Consumer/Policies/{id}/Rules | Removes all rules from a given policy and returns updated policy. | Requires 'Delete' permission on 'GuaranteedState' securable type |
DELETE | /Consumer/"Policies/{id}/Rules/{ruleId} | Removes a specific Rule from a given policy and returns updated policy. | Requires 'Delete' permission on 'GuaranteedState' securable type |
PUT | /Consumer/Policies | Updates and existing policy and returns updated policy. | Requires 'Write' permission on 'GuaranteedState' securable type |
DELETE | /Consumer/Policies/{id} | Deletes a policy | Requires 'Delete' permission on 'GuaranteedState' securable type |
POST | /Consumer/Policies/{id}/Enable/{enable} | Enables a policy if 'enable' parameter is set to 'true' or disables a policy if 'enable' parameter is set to 'false'. | Requires 'Write' permission on 'GuaranteedState' securable type |
POST | /Consumer/Policies/{id}/Assignments | Assigns a Policy to selected Management groups. Management Groups Ids should be passed in as an array of integers in the body of the request. | Requires 'Write' permission on 'GuaranteedState' securable type New for API version 8.0: Requires 'Assign' permission on the 'PolicyAssignment' securable type |
PUT | /Consumer/Policies/{id}/Assignments | Replaces all Management Groups assigned to a given policy with Management Groups supplied in this request. Management Groups Ids should be passed in as an array of integers in the body of the request. | Requires 'Write' permission on 'GuaranteedState' securable type New for API version 8.0: Requires 'Assign' permission on the 'PolicyAssignment' securable type |
GET | /Consumer/Policies/{id}/Assignments | Returns Management groups assigned to given Policy | Requires 'Read' permission on 'GuaranteedState' securable type |
DELETE | /Consumer/Policies/{id}/Assignments | Removes all Management Groups from given policy | Requires 'Delete' permission on 'GuaranteedState' securable type New for API version 8.0: Requires 'Assign' permission on the 'PolicyAssignment' securable type |
DELETE | /Consumer/Policies/{id}/Assignments/ ManagementGroups/{managementGroupId} | Removes specific Management Group from given policy | Requires 'Delete' permission on 'GuaranteedState' securable type New for API version 8.0: Requires 'Assign' permission on the 'PolicyAssignment' securable type |
GET | /Consumer/Policies/Unlicensed | Minimum API version 5.1 Returns a list of Ids of Policies that use unlicensed Fragments | Requires 'Read' permission on 'GuaranteedState' securable type |