search
Release Notes

Update Policy Configuration

Update policy version configuration including conditions, actions, and settings

hashtag
Endpoints

PUT /api/private/lifecycle_management/policies/{policy_id}/versions/{version_number}
PATCH /api/private/lifecycle_management/policies/{policy_id}/versions/{version_number}

hashtag
Description

Update a specific version of an existing policy, including workflows, conditions, actions, and configuration settings. This endpoint allows you to modify the policy version's behavior and structure.

Use this endpoint to:

  • Modify policy version workflows, conditions, and actions

  • Update attribute transformers and lookup table references

  • Adjust password complexity rules and mover properties

  • Configure transformer functions for the policy version

circle-exclamation

Configuration changes to active policies take effect immediately. Consider testing changes in a draft policy first, or temporarily setting the policy to inactive during updates.

circle-info

Version Number Usage: You must update the specific version that is currently active or the version you want to modify. Use Get Policy to retrieve the current_version_number before making updates. You cannot create new versions through this endpoint; it only updates existing versions.

hashtag
API Reference

patch
Authorizations
AuthorizationstringRequired

Veza API key for authentication. Generate keys in Administration > API Keys.

Path parameters
value.policy_idstringRequired
value.version_numberstringRequired
Query parameters
update_maskstring · field-maskOptional
Body

A version of a policy, this includes the watcher profile for what starts the policy

policy_idstringOptional
version_numberinteger · int32Read-onlyOptional
stateinteger · enumOptional
config_versionstringRead-onlyOptional

This is the version of the config in case it changes in the future

created_bystringRead-onlyOptional
created_atstring · date-timeRead-onlyOptional
updated_atstring · date-timeRead-onlyOptional
published_bystringRead-onlyOptional
published_atstring · date-timeRead-onlyOptional
last_edited_bystringRead-onlyOptional
last_edited_atstring · date-timeRead-onlyOptional
Responses
chevron-right
200

OK

application/json
patch
/api/private/lifecycle_management/policies/{value.policy_id}/versions/{value.version_number}

hashtag
Request Examples

hashtag
Path Parameters

Parameter
Type
Required
Description

policy_id

string

Yes

Unique identifier of the policy

version_number

integer

Yes

Version number of the policy version to update

hashtag
Request Body

Field
Type
Required
Description

value

object

Yes

The updated PolicyVersion object

update_mask

object

No

Field mask specifying which fields to update

PolicyVersion Object Fields

Field
Type
Required
Description

policy_id

string

Yes

ID of the policy this version belongs to

version_number

integer

No

Version number (output only)

state

string

No

Version state: DRAFT, PUBLISHED, RETIRED

config

object

No

Policy version configuration containing workflows, actions, and transformers

Configuration Object Details

The config field contains the core policy version logic:

Field
Type
Description

workflows

array[object]

Array of workflow objects that define when and how the policy triggers

actions

array[object]

Array of action objects that define what happens when conditions are met

attribute_common_transformers

array[object]

Common attribute transformation rules

lookup_table_references

array[object]

References to lookup tables used by the policy

mover_properties

array[string]

List of properties that, when changed, mark an identity as a "mover"

password_complexity_rules

array[object]

Password complexity rules for sync operations

transformer_functions

array[object]

Custom transformation functions

hashtag
Response Examples

hashtag
Example Configuration

chevron-rightComplete Policy Configuration Examplehashtag

The following example shows a complete policy configuration with workflows, conditions, and actions:

Configuration Structure Explanation

Workflows define when the policy triggers:

  • trigger_string: SCIM filter expression that determines when the workflow activates

  • conditions_on_success: Array of conditions evaluated when the trigger is met

  • continuous_sync: Whether to continuously monitor for changes

Conditions specify additional criteria:

  • condition_type: SCIM filter expression for the specific condition

  • actions_to_run: Actions executed when this condition is met

Actions define what happens when conditions are satisfied:

  • type: Currently supports MANAGE_RELATIONSHIPS and SYNC_IDENTITIES

  • config: Action-specific configuration object

  • For MANAGE_RELATIONSHIPS: Defines access profiles to assign/remove

hashtag
Troubleshooting Common Issues

hashtag
404 Errors When Updating Policy Configuration

If you receive a 404 error when attempting to update a policy configuration, verify:

  1. Policy ID is correct: Confirm the policy exists by first calling GET /api/private/lifecycle_management/policies/{policy_id}

  2. Version number exists: Check the current_version_number from the GET response and ensure you're using the correct version

  3. Endpoint path is correct: Ensure you're using /versions/ (plural) in the URL path

Common mistake: Using /version/{number} instead of /versions/{number} in the endpoint path.

hashtag
Policy Version Not Found

If you get errors about version not found:

  • Always use the current_version_number from the Get Policy response

  • Policy versions are auto-created and managed by the system - you can't create arbitrary version numbers

  • If you need to work with a different version, you may need to publish or manage the policy state first

hashtag
Configuration Validation Errors

When policy configuration updates fail validation:

  1. Check JSON structure: Ensure your configuration object matches the expected schema

  2. Verify action types: Confirm action type values are valid (e.g., MANAGE_RELATIONSHIPS, SYNC_IDENTITIES)

  3. Validate SCIM expressions: Test trigger strings and condition strings for proper SCIM syntax

  4. Confirm referenced IDs: Ensure access profile IDs and other references exist in your environment

hashtag
Request Body Format

Ensure your request body follows this structure:

The configuration should be nested within a value.config object, not sent as the root object.

PreviousUpdate Policy StateNextAdd Condition to Policy Configuration

Last updated

Was this helpful?