Create Policy Control

POST /policies/policy-controls

Policy Controls determine how Policy Executions are handled. The type of policy control applied is determined by the kind field in the nested configuration object. These are the supported kinds:

RequestApproval: Require a specified number of approvals from a list of Users.
More control kinds coming soon...

User action signature required. See User Action Signing for more information.
Request headers required. See Request Headers for more information.
Authentication required. See Authentication Headers for more information.

Required Permissions

Name Conditions

Name	Conditions
`PolicyControls:Create`	Always Required

PolicyControls:Create

Always Required

Request body

The following fields are common to all kinds of Policy Controls:

Request body fields Required/Optional Description Type

Request body fields	Required/Optional	Description	Type
`name`	Required	A name for the control	String
`description`	Required	A description for the control	String
`configuration`	Required	A nested object specifying details of the Policy Control	Object

name

Required

A name for the control

String

description

Required

A description for the control

String

configuration

Required

A nested object specifying details of the Policy Control

Object

Approval Control

Use the following fields in the nested configuration object to create a Policy Control which requires a specified number of approvals from a list of Users:

Request body fields

Required/Optional

Description

Type

kind

Required

Specify: "RequestApproval"

Enumerated Type

approverUsernames

Required

The user IDs of the designated approvers. See List Users to get IDs. (See Note below re: legacy authentication)

Array of Strings

timeoutInMinutes

Required

The amount of time in minutes after which the policy execution can no longer be approved.

Integer

numApprovals

Required

The number of required approvals. Must be less than or equal to the approverUsernames array length.

Integer

Note: For legacy authentication, please specify an array of email addresses in the approverUsernames field like ["bob@example.com", "dan@example.com"]

Request Example

{
    "description": "My policy control",
    "name": "policy-control-back-office-01",
    "configuration": {
        "kind": "RequestApproval",
        "approverUsernames": ["us-4algk-4jfhv-8i4fj49s0ja8t4", "us-4jflw-98fj3-8isgdefs0ja8t4"],
        "timeoutInMinutes": 60,
        "numApprovals": 1
    }
}

Response

Response example

If successful, the response contains, among other things, a status indicating whether the rule has been enabled:

{
   "id": "pc-foxtrot-harry-ae42882af3",
   "version": "f1b2121lm",
   "kind": "RequestApproval",
   "orgId": "cu-purple-pip-1b417b958500",
   "author": "oe-nine-artist-9de60fef6963",
   "description": "Test policy control",
   "name": "Test 1",
   "configuration": {
       "kind": "RequestApproval",
       "approverUsernames": ["bob@example.com"],
       "timeoutInMinutes": 10,
       "numApprovals": 1
   },
   "dateCreated": "2022-07-14T21:36:42.574Z",
   "tags": [],
   "status": "Enabled"
}

Last updated 4 months ago