POST /api/govern/data-access/policies
Create or update a single Ranger policy
curl --request POST \
  --url https://api.example.com/api/govern/data-access/policies \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "name": "<string>",
  "resources": {},
  "description": "",
  "policyType": 0,
  "policyPriority": 0,
  "isEnabled": true,
  "isAuditEnabled": true,
  "isDenyAllElse": false,
  "policyItems": [
    {
      "accesses": [
        {
          "type": "<string>",
          "isAllowed": true
        }
      ],
      "users": [
        "<string>"
      ],
      "groups": [
        "<string>"
      ],
      "roles": [
        "<string>"
      ],
      "delegateAdmin": false
    }
  ],
  "denyPolicyItems": [
    {
      "accesses": [
        {
          "type": "<string>",
          "isAllowed": true
        }
      ],
      "users": [
        "<string>"
      ],
      "groups": [
        "<string>"
      ],
      "roles": [
        "<string>"
      ],
      "delegateAdmin": false
    }
  ],
  "allowExceptions": [
    {
      "accesses": [
        {
          "type": "<string>",
          "isAllowed": true
        }
      ],
      "users": [
        "<string>"
      ],
      "groups": [
        "<string>"
      ],
      "roles": [
        "<string>"
      ],
      "delegateAdmin": false
    }
  ],
  "denyExceptions": [
    {
      "accesses": [
        {
          "type": "<string>",
          "isAllowed": true
        }
      ],
      "users": [
        "<string>"
      ],
      "groups": [
        "<string>"
      ],
      "roles": [
        "<string>"
      ],
      "delegateAdmin": false
    }
  ],
  "rowFilterPolicyItems": [
    {
      "rowFilterInfo": {},
      "accesses": [
        {
          "type": "<string>",
          "isAllowed": true
        }
      ],
      "users": [
        "<string>"
      ],
      "groups": [
        "<string>"
      ],
      "roles": [
        "<string>"
      ]
    }
  ],
  "dataMaskPolicyItems": [
    {
      "dataMaskInfo": {
        "dataMaskType": "<string>",
        "conditionExpr": "<string>",
        "valueExpr": "<string>"
      },
      "accesses": [
        {
          "type": "<string>",
          "isAllowed": true
        }
      ],
      "users": [
        "<string>"
      ],
      "groups": [
        "<string>"
      ],
      "delegateAdmin": false
    }
  ],
  "policyLabels": [
    "<string>"
  ],
  "overwrite": false
}
'
{
  "policy_id": 123,
  "policy_name": "<string>",
  "status": "<string>"
}

Authorizations

Authorization
string
header
required

The access token received from the authorization server in the OAuth 2.0 flow.

Body

application/json

Request to create or update a single Ranger policy.

name
string
required

Policy name.

resources
Resources · object
required

Resource definitions keyed by resource type (e.g., 'catalog', 'schema', 'table', 'column', 'url').

description
string
default:""

Policy description.

policyType
integer
default:0

0=ACCESS, 1=MASKING, 2=ROWFILTER.

policyPriority
integer
default:0

0=NORMAL, 1=OVERRIDE. Controls evaluation order.

isEnabled
boolean
default:true

isAuditEnabled
boolean
default:true

isDenyAllElse
boolean
default:false

If true, Ranger denies any access not explicitly allowed by this policy.

policyItems
RangerPolicyItemModel · object[]

Allow access items.

denyPolicyItems
RangerPolicyItemModel · object[]

Deny access items.

allowExceptions
RangerPolicyItemModel · object[]

Allow exception items.

denyExceptions
RangerPolicyItemModel · object[]

Deny exception items.

rowFilterPolicyItems
RangerRowFilterItemModel · object[]

Row filter items (policyType=2 only).

dataMaskPolicyItems
RangerDataMaskItemModel · object[]

Masking items (policyType=1 only).

policyLabels
string[]

Labels for grouping/filtering policies.

overwrite
boolean
default:false

If false (default), a name collision returns 409. Set to true to intentionally update an existing policy of the same name.
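
A client-side check of the request body before it is sent, as an added example that is not part of this API or its documentation. It enforces the field constraints listed above (required fields, policyType values, which item lists belong to which policyType) and flags settings worth a second review. The function name, the choice of flags and the sample body are assumptions of this example.

```python
# Added example: client-side lint for a policy request body, run before the POST.
ITEM_LISTS = ("policyItems", "denyPolicyItems", "allowExceptions",
              "denyExceptions", "rowFilterPolicyItems", "dataMaskPolicyItems")

def lint_policy(body):
    """Return (errors, warnings) for a create-or-update request body."""
    errors, warnings = [], []
    if not isinstance(body.get("name"), str) or not body["name"]:
        errors.append("name is required")
    if not isinstance(body.get("resources"), dict):
        errors.append("resources is required")
    ptype = body.get("policyType", 0)  # documented default: 0 (ACCESS)
    if ptype not in (0, 1, 2):
        errors.append("policyType must be 0, 1 or 2")
    if body.get("rowFilterPolicyItems") and ptype != 2:
        errors.append("rowFilterPolicyItems is for policyType=2 only")
    if body.get("dataMaskPolicyItems") and ptype != 1:
        errors.append("dataMaskPolicyItems is for policyType=1 only")
    # Settings worth a second reviewer; the choice of flags is this example's.
    if body.get("overwrite", False):
        warnings.append("overwrite=true updates an existing policy of the same name")
    if not body.get("isAuditEnabled", True):
        warnings.append("isAuditEnabled=false")
    if body.get("policyPriority", 0) == 1:
        warnings.append("policyPriority=1 (OVERRIDE)")
    for key in ITEM_LISTS:
        for i, item in enumerate(body.get(key, [])):
            if item.get("delegateAdmin", False):
                warnings.append(f"{key}[{i}] delegateAdmin=true")
            if not (item.get("users") or item.get("groups") or item.get("roles")):
                warnings.append(f"{key}[{i}] names no users, groups or roles")
    return errors, warnings

# Constructed sample body; names and the inner shape of "resources" are made up.
SAMPLE = {
    "name": "analysts-read-sales",
    "resources": {"table": "sales"},
    "policyType": 0,
    "isAuditEnabled": False,
    "overwrite": True,
    "policyItems": [{"accesses": [{"type": "select", "isAllowed": True}],
                     "groups": ["analysts"], "delegateAdmin": True}],
    "rowFilterPolicyItems": [{"rowFilterInfo": {}, "users": ["alice"]}],
}

if __name__ == "__main__":
    errs, warns = lint_policy(SAMPLE)
    for line in [f"ERROR {e}" for e in errs] + [f"WARN  {w}" for w in warns]:
        print(line)
```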

Response

Policy updated.

policy_id
integer
required

Ranger policy ID.

policy_name
string
required

Ranger policy name.

status
string
required

'created' or 'updated'.