--- title: UserPolicies description: The User Policy resource endpoint is responsible for managing a user's policies. The available operations are create, read, update, delete, query. Policies are realm specific, hence the URI for the policies API can contain a realm component. If the realm is not specified in the URI, the top level realm is used. component: pingam version: 8.1 page_id: pingam:entity-reference:sec-amster-entity-userpolicies canonical_url: https://docs.pingidentity.com/pingam/8.1/entity-reference/sec-amster-entity-userpolicies.html section_ids: sec-amster-entity-userpolicies-realm-ops: Realm Operations sec-amster-entity-userpolicies-realm-ops-create: create sec-amster-entity-userpolicies-realm-ops-delete: delete sec-amster-entity-userpolicies-realm-ops-query: query sec-amster-entity-userpolicies-realm-ops-read: read sec-amster-entity-userpolicies-realm-ops-update: update --- # UserPolicies ## Realm Operations The User Policy resource endpoint is responsible for managing a user's policies. The available operations are create, read, update, delete, query. Policies are realm specific, hence the URI for the policies API can contain a realm component. If the realm is not specified in the URI, the top level realm is used. Resource path: ``` /users/{user}/policies ``` Resource version: `1.0` ### create Create new policy **Usage** ``` am> create UserPolicies --realm Realm --id id --body body --user user ``` **Parameters** * *\--id* The unique identifier for the resource. * *\--body* The resource in JSON format, described by the following JSON schema: ```json { "$schema" : "http://json-schema.org/draft-04/schema#", "description" : "Json schema for the policy resource", "title" : "Policy Resource Schema", "type" : "object", "properties" : { "name" : { "title" : "Name", "description" : "String matching the name of the application", "type" : "string" }, "active" : { "title" : "Active flag", "description" : "Boolean indicating whether OpenAM considers the policy active for evaluation purposes, defaults to false", "type" : "boolean" }, "description" : { "title" : "Description", "description" : "String describing the policy", "type" : "string" }, "applicationName" : { "title" : "Application name", "description" : "String containing the application name, such as \"iPlanetAMWebAgentService\", or \"mypolicyset\"", "type" : "string" }, "actionValues" : { "title" : "Action values", "description" : "Set of string action names, each set to a boolean indicating whether the action is allowed. Chosen from the available actions provided by the associated Managing Resource Types resource type", "type" : "object", "additionalProperties" : { "type" : "boolean" } }, "resources" : { "title" : "Resources", "description" : "List of the resource name pattern strings to which the policy applies. Must conform to the pattern templates provided by the associated Managing Resource Types resource type", "type" : "array", "items" : { "type" : "string" } }, "subject" : { "title" : "Subject", "description" : "Specifies the subject conditions to which the policy applies, where subjects can be combined by using the built-in types \"AND\", \"OR\", and \"NOT\", and where subject implementations are pluggable", "type" : "object" }, "condition" : { "title" : "Condition", "description" : "Specifies environment conditions, where conditions can be combined by using the built-in types \"AND\", \"OR\", and \"NOT\", and where condition implementations are pluggable", "type" : "object", "properties" : { "type" : { "type" : "string" }, "conditions" : { "type" : "array", "title" : "Condition", "description" : "Specifies environment conditions, where conditions can be combined by using the built-in types \"AND\", \"OR\", and \"NOT\", and where condition implementations are pluggable", "items" : { "type" : "object" } } } }, "resourceTypeUuid" : { "title" : "Resource Type UUID", "description" : "The UUIDs of the resource type associated with the policy", "type" : "string" }, "resourceAttributes" : { "title" : "Resource Attributes", "description" : "List of attributes to return with decisions. These attributes are known as response attributes", "type" : "array", "items" : { "type" : "object" } }, "lastModifiedBy" : { "title" : "Last Modified By", "description" : "A string containing the universal identifier DN of the subject that most recently updated the policy", "type" : "string" }, "lastModifiedDate" : { "title" : "Last Modified date", "description" : "An integer containing the last modified date and time, in number of seconds", "type" : "string" }, "createdBy" : { "title" : "Created By", "description" : "A string containing the universal identifier DN of the subject that created the policy", "type" : "string" }, "creationDate" : { "title" : "Creation Date", "description" : "An integer containing the creation date and time, in number of seconds", "type" : "string" } } } ``` * *\--user* The User Policy resource endpoint is responsible for managing a user's policies. The available operations are create, read, update, delete, query. Policies are realm specific, hence the URI for the policies API can contain a realm component. If the realm is not specified in the URI, the top level realm is used. ### delete Delete policy **Usage** ``` am> delete UserPolicies --realm Realm --id id --user user ``` **Parameters** * *\--id* The unique identifier for the resource. * *\--user* The User Policy resource endpoint is responsible for managing a user's policies. The available operations are create, read, update, delete, query. Policies are realm specific, hence the URI for the policies API can contain a realm component. If the realm is not specified in the URI, the top level realm is used. ### query Query the stored policies **Usage** ``` am> query UserPolicies --realm Realm --filter filter --user user ``` **Parameters** * *\--filter* A CREST formatted query filter, where "true" will query all. Fields that can be queried: \[\*] * *\--user* The User Policy resource endpoint is responsible for managing a user's policies. The available operations are create, read, update, delete, query. Policies are realm specific, hence the URI for the policies API can contain a realm component. If the realm is not specified in the URI, the top level realm is used. ### read Read policy **Usage** ``` am> read UserPolicies --realm Realm --id id --user user ``` **Parameters** * *\--id* The unique identifier for the resource. * *\--user* The User Policy resource endpoint is responsible for managing a user's policies. The available operations are create, read, update, delete, query. Policies are realm specific, hence the URI for the policies API can contain a realm component. If the realm is not specified in the URI, the top level realm is used. ### update Update an existing policy **Usage** ``` am> update UserPolicies --realm Realm --id id --body body --user user ``` **Parameters** * *\--id* The unique identifier for the resource. * *\--body* The resource in JSON format, described by the following JSON schema: ```json { "$schema" : "http://json-schema.org/draft-04/schema#", "description" : "Json schema for the policy resource", "title" : "Policy Resource Schema", "type" : "object", "properties" : { "name" : { "title" : "Name", "description" : "String matching the name of the application", "type" : "string" }, "active" : { "title" : "Active flag", "description" : "Boolean indicating whether OpenAM considers the policy active for evaluation purposes, defaults to false", "type" : "boolean" }, "description" : { "title" : "Description", "description" : "String describing the policy", "type" : "string" }, "applicationName" : { "title" : "Application name", "description" : "String containing the application name, such as \"iPlanetAMWebAgentService\", or \"mypolicyset\"", "type" : "string" }, "actionValues" : { "title" : "Action values", "description" : "Set of string action names, each set to a boolean indicating whether the action is allowed. Chosen from the available actions provided by the associated Managing Resource Types resource type", "type" : "object", "additionalProperties" : { "type" : "boolean" } }, "resources" : { "title" : "Resources", "description" : "List of the resource name pattern strings to which the policy applies. Must conform to the pattern templates provided by the associated Managing Resource Types resource type", "type" : "array", "items" : { "type" : "string" } }, "subject" : { "title" : "Subject", "description" : "Specifies the subject conditions to which the policy applies, where subjects can be combined by using the built-in types \"AND\", \"OR\", and \"NOT\", and where subject implementations are pluggable", "type" : "object" }, "condition" : { "title" : "Condition", "description" : "Specifies environment conditions, where conditions can be combined by using the built-in types \"AND\", \"OR\", and \"NOT\", and where condition implementations are pluggable", "type" : "object", "properties" : { "type" : { "type" : "string" }, "conditions" : { "type" : "array", "title" : "Condition", "description" : "Specifies environment conditions, where conditions can be combined by using the built-in types \"AND\", \"OR\", and \"NOT\", and where condition implementations are pluggable", "items" : { "type" : "object" } } } }, "resourceTypeUuid" : { "title" : "Resource Type UUID", "description" : "The UUIDs of the resource type associated with the policy", "type" : "string" }, "resourceAttributes" : { "title" : "Resource Attributes", "description" : "List of attributes to return with decisions. These attributes are known as response attributes", "type" : "array", "items" : { "type" : "object" } }, "lastModifiedBy" : { "title" : "Last Modified By", "description" : "A string containing the universal identifier DN of the subject that most recently updated the policy", "type" : "string" }, "lastModifiedDate" : { "title" : "Last Modified date", "description" : "An integer containing the last modified date and time, in number of seconds", "type" : "string" }, "createdBy" : { "title" : "Created By", "description" : "A string containing the universal identifier DN of the subject that created the policy", "type" : "string" }, "creationDate" : { "title" : "Creation Date", "description" : "An integer containing the creation date and time, in number of seconds", "type" : "string" } } } ``` * *\--user* The User Policy resource endpoint is responsible for managing a user's policies. The available operations are create, read, update, delete, query. Policies are realm specific, hence the URI for the policies API can contain a realm component. If the realm is not specified in the URI, the top level realm is used.