> ## Documentation Index > Fetch the complete documentation index at: https://docs.nx1cloud.com/llms.txt > Use this file to discover all available pages before exploring further. # Create or update a single Ranger policy ## OpenAPI ````yaml post /api/govern/data-access/policies openapi: 3.1.0 info: title: Nx1 AI API description: | AI API for Nx1 Data Platform Management and Automated Data Tasks. Authentication is required via PSK in Authorization header. Default PSK is | [ask a friend] | version: 0.10.2 servers: [] security: [] paths: /api/govern/data-access/policies: post: tags: - Policy Management summary: Create or update a single Ranger policy operationId: create_policy_api_govern_data_access_policies_post requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/PolicyCreateRequest' responses: '200': description: Policy updated. content: application/json: schema: $ref: '#/components/schemas/PolicyCreateResponse' '201': description: Successful Response content: application/json: schema: $ref: '#/components/schemas/PolicyCreateResponse' '400': description: Bad Request content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '409': description: Policy name already exists; set overwrite=true to update. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '422': description: Unprocessable Content content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '503': description: Service Unavailable content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' security: - OAuth2AuthorizationCodeBearer: [] - APIKeyHeader: [] components: schemas: PolicyCreateRequest: properties: name: type: string title: Name description: Policy name. description: type: string title: Description description: Policy description. default: '' resources: additionalProperties: $ref: '#/components/schemas/RangerResourceValue' type: object title: Resources description: >- Resource definitions keyed by resource type (e.g., 'catalog', 'schema', 'table', 'column', 'url'). policyType: type: integer title: Policytype description: 0=ACCESS, 1=MASKING, 2=ROWFILTER. default: 0 policyPriority: type: integer title: Policypriority description: 0=NORMAL, 1=OVERRIDE. Controls evaluation order. default: 0 isEnabled: type: boolean title: Isenabled default: true isAuditEnabled: type: boolean title: Isauditenabled default: true isDenyAllElse: type: boolean title: Isdenyallelse description: >- If true, Ranger denies any access not explicitly allowed by this policy. default: false policyItems: items: $ref: '#/components/schemas/RangerPolicyItemModel' type: array title: Policyitems description: Allow access items. denyPolicyItems: items: $ref: '#/components/schemas/RangerPolicyItemModel' type: array title: Denypolicyitems description: Deny access items. allowExceptions: items: $ref: '#/components/schemas/RangerPolicyItemModel' type: array title: Allowexceptions description: Allow exception items. denyExceptions: items: $ref: '#/components/schemas/RangerPolicyItemModel' type: array title: Denyexceptions description: Deny exception items. rowFilterPolicyItems: items: $ref: '#/components/schemas/RangerRowFilterItemModel' type: array title: Rowfilterpolicyitems description: Row filter items (policyType=2 only). dataMaskPolicyItems: items: $ref: '#/components/schemas/RangerDataMaskItemModel' type: array title: Datamaskpolicyitems description: Masking items (policyType=1 only). policyLabels: items: type: string type: array title: Policylabels description: Labels for grouping/filtering policies. overwrite: type: boolean title: Overwrite description: >- If False (default), a name collision returns 409. Set to True to intentionally update an existing policy of the same name. default: false type: object required: - name - resources title: PolicyCreateRequest description: Request to create or update a single Ranger policy. PolicyCreateResponse: properties: policy_id: type: integer title: Policy Id description: Ranger policy ID. policy_name: type: string title: Policy Name description: Ranger policy name. status: type: string title: Status description: '''created'' or ''updated''.' type: object required: - policy_id - policy_name - status title: PolicyCreateResponse ErrorResponse: properties: error: type: string title: Error description: A brief description of the error that occurred. code: type: integer title: Code description: The HTTP status code associated with the error. default: 500 type: object required: - error title: ErrorResponse RangerResourceValue: properties: values: items: type: string type: array title: Values description: Resource values (e.g., ['iceberg'], ['my_schema'], ['*']). isExcludes: type: boolean title: Isexcludes description: If true, the values are excluded. default: false isRecursive: type: boolean title: Isrecursive description: If true, applies recursively. default: false type: object required: - values title: RangerResourceValue description: >- A single resource entry in a Ranger policy (e.g., catalog, schema, table). RangerPolicyItemModel: properties: accesses: items: $ref: '#/components/schemas/RangerAccess' type: array title: Accesses description: Access types granted/denied. users: items: type: string type: array title: Users description: Users this item applies to. groups: items: type: string type: array title: Groups description: Groups this item applies to. roles: items: type: string type: array title: Roles description: Roles this item applies to. delegateAdmin: type: boolean title: Delegateadmin description: Whether grantees can delegate admin rights. default: false type: object title: RangerPolicyItemModel description: An access control entry within a Ranger policy. RangerRowFilterItemModel: properties: accesses: items: $ref: '#/components/schemas/RangerAccess' type: array title: Accesses users: items: type: string type: array title: Users groups: items: type: string type: array title: Groups roles: items: type: string type: array title: Roles rowFilterInfo: additionalProperties: true type: object title: Rowfilterinfo description: 'Row filter definition, e.g., {''filterExpr'': ''col > 5''}.' type: object required: - rowFilterInfo title: RangerRowFilterItemModel description: A row filter entry within a Ranger row-filter policy. RangerDataMaskItemModel: properties: accesses: items: $ref: '#/components/schemas/RangerAccess' type: array title: Accesses users: items: type: string type: array title: Users groups: items: type: string type: array title: Groups delegateAdmin: type: boolean title: Delegateadmin default: false dataMaskInfo: $ref: '#/components/schemas/RangerDataMaskInfoModel' type: object required: - dataMaskInfo title: RangerDataMaskItemModel description: A masking entry within a Ranger masking policy. RangerAccess: properties: type: type: string title: Type description: Access type (e.g., 'select', 'insert', 'use', 'show'). isAllowed: type: boolean title: Isallowed description: Whether this access is allowed. default: true type: object required: - type title: RangerAccess description: A single access type in a policy item. RangerDataMaskInfoModel: properties: dataMaskType: type: string title: Datamasktype description: Mask type name from the service-def (e.g., 'MASK', 'MASK_NULL'). conditionExpr: anyOf: - type: string - type: 'null' title: Conditionexpr valueExpr: anyOf: - type: string - type: 'null' title: Valueexpr type: object required: - dataMaskType title: RangerDataMaskInfoModel description: 'Masking spec: which mask type + optional expressions.' securitySchemes: OAuth2AuthorizationCodeBearer: type: oauth2 flows: authorizationCode: scopes: {} authorizationUrl: >- https://sso-rapid.rapid.nx1cloud.com/realms/rapid/protocol/openid-connect/auth tokenUrl: >- https://sso-rapid.rapid.nx1cloud.com/realms/rapid/protocol/openid-connect/token APIKeyHeader: type: apiKey in: header name: Authorization-PSK ````