Create Policy

Sprint 3

Create a new policy with rules and optional assignments.

Account Type & Use Case

Endpoint

POST /api/v1/policies

Headers

| Header | Required | Description |
| --- | --- | --- |
| Authorization | Yes | Bearer <access_token> |
| Content-Type | Yes | application/json |

Request Body

{
  "workspace_id": 1,
  "name": "RLS Policy - Region Filter",
  "description": "Filter rows by user region",
  "type": "row_level_security",
  "is_active": true,
  "priority": 10,
  "rules": [
    {
      "rule_name": "Region Filter Rule",
      "rule_type": "filter_rows",
      "rule_config": {
        "condition": "user_region = current_user_region",
        "table": "sales",
        "column": "region",
        "operator": "equals"
      },
      "rule_order": 0
    }
  ],
  "data_source_ids": [1, 2],
  "role_ids": [2],
  "metadata": {}
}

Parameters

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| workspace_id | integer | No | Workspace ID |
| name | string | Yes | Policy name (1-255 characters, cannot be empty) |
| description | string | No | Policy description |
| type | string | Yes | Policy type (see PolicyTypeEnum) |
| is_active | boolean | No | Active status (default: true) |
| priority | integer | No | Priority (default: 0, higher priority evaluated first) |
| rules | array[PolicyRuleRequest] | No | Policy rules (see Rule Configuration) |
| metadata | object | No | Additional metadata |
| data_source_ids | array[integer] | No | Data source IDs to assign policy to |
| role_ids | array[integer] | No | Role IDs to assign policy to |
| user_ids | array[integer] | No | User IDs to assign policy to |
| dataset_ids | array[integer] | No | Dataset IDs to assign policy to |
| query_ids | array[integer] | No | Query IDs to assign policy to |

PolicyTypeEnum Values

  • data_masking
  • access_control
  • row_level_security
  • column_level_security
  • query_restriction
  • query_limit
  • data_retention
  • other

Rule Configuration

RLS Rules (rule_type: "filter_rows")

{
  "rule_type": "filter_rows",
  "rule_config": {
    "condition": "user_region = current_user_region",
    "table": "sales",
    "column": "region",
    "operator": "equals"
  }
}

Data Masking Rules (rule_type: "mask_column")

{
  "rule_type": "mask_column",
  "rule_config": {
    "table": "users",
    "column": "email",
    "masking_method": "partial",
    "visible_chars": 3,
    "mask_from": "start"
  }
}

Query Limit Rules (rule_type: "limit_queries")

{
  "rule_type": "limit_queries",
  "rule_config": {
    "max_queries_per_hour": 100,
    "max_queries_per_day": 1000,
    "max_rows_per_query": 10000,
    "max_execution_time_seconds": 300
  }
}

Response

Success (201)

{
  "success": true,
  "data": {
    "id": 1,
    "organization_id": 1,
    "workspace_id": 1,
    "name": "RLS Policy - Region Filter",
    "description": "Filter rows by user region",
    "type": "row_level_security",
    "is_active": true,
    "priority": 10,
    "rules": [...],
    "assignments": [...],
    "created_by_user_id": 1,
    "created_at": "2024-12-01T08:00:00Z"
  },
  "message": "Policy created successfully"
}

Error Codes

| Status | Code | Description |
| --- | --- | --- |
| 400 | BAD_REQUEST | Invalid request data or validation error |
| 401 | UNAUTHORIZED | Invalid or missing authentication token |
| 500 | INTERNAL_SERVER_ERROR | Internal server error |

Validations

  • name must be 1-255 characters and cannot be empty
  • RLS rules require condition, table, and column in rule_config
  • Data masking rules require table, column, and masking_method in rule_config
  • Query limit rules require at least one limit parameter
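
The validations above can be checked client-side before a policy is submitted, for example when policies are kept under version control and linted in CI. The following is an added example, not the API's own code: the function and constant names are hypothetical, and it assumes the limit parameters are the four keys shown in the Query Limit Rules example and that an empty string counts as a missing value.

```python
# Added example: pre-flight check mirroring the documented validations.
# validate_policy and the constants below are hypothetical names, not part of the API.

POLICY_TYPES = {
    "data_masking", "access_control", "row_level_security",
    "column_level_security", "query_restriction", "query_limit",
    "data_retention", "other",
}
# Required rule_config keys per rule_type, taken from the Validations list.
REQUIRED_KEYS = {
    "filter_rows": ("condition", "table", "column"),
    "mask_column": ("table", "column", "masking_method"),
}
# Assumption: the limit parameters are the four keys in the page's example.
LIMIT_KEYS = ("max_queries_per_hour", "max_queries_per_day",
              "max_rows_per_query", "max_execution_time_seconds")


def validate_policy(body):
    """Return a list of problems; an empty list means the body passes."""
    errors = []
    name = body.get("name")
    if not isinstance(name, str) or not 1 <= len(name) <= 255:
        errors.append("name must be 1-255 characters")
    if body.get("type") not in POLICY_TYPES:
        errors.append("type is not a PolicyTypeEnum value")
    for i, rule in enumerate(body.get("rules") or []):
        rule_type = rule.get("rule_type")
        config = rule.get("rule_config") or {}
        if rule_type in REQUIRED_KEYS:
            # Assumption: None and "" both count as missing.
            missing = [k for k in REQUIRED_KEYS[rule_type]
                       if config.get(k) in (None, "")]
            if missing:
                errors.append(f"rules[{i}] ({rule_type}) missing: {', '.join(missing)}")
        elif rule_type == "limit_queries":
            if not any(config.get(k) is not None for k in LIMIT_KEYS):
                errors.append(f"rules[{i}] (limit_queries) needs at least one limit")
    return errors


# Constructed sample: a masking rule that omits masking_method.
SAMPLE_BAD = {
    "name": "Mask emails",
    "type": "data_masking",
    "rules": [{"rule_type": "mask_column",
               "rule_config": {"table": "users", "column": "email"}}],
}

if __name__ == "__main__":
    for problem in validate_policy(SAMPLE_BAD):
        print(problem)
```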

Features

  • Supports all policy types
  • Rule validation based on policy type
  • Optional assignments during creation
  • Organization-scoped

Example

curl -X POST "https://api.rivergen.com/api/v1/policies" \
  -H "Authorization: Bearer <access_token>" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "RLS Policy - Region Filter",
    "type": "row_level_security",
    "rules": [{
      "rule_type": "filter_rows",
      "rule_config": {
        "condition": "user_region = current_user_region",
        "table": "sales",
        "column": "region"
      }
    }]
  }'