Docs Home
cyral 4.16.3 published on Monday, Apr 14, 2025 by cyralinc
cyral.PolicyRule
Explore with Pulumi AI
# cyral.PolicyRule (Resource)
DEPRECATED For control planes
>= v4.15, use resourcecyral.PolicyV2instead.
Import ID syntax is
{policy_id}/{policy_rule_id}, where{policy_rule_id}is the ID of the policy rule in the Cyral Control Plane.
Create PolicyRule Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new PolicyRule(name: string, args: PolicyRuleArgs, opts?: CustomResourceOptions);@overload
def PolicyRule(resource_name: str,
args: PolicyRuleArgs,
opts: Optional[ResourceOptions] = None)
@overload
def PolicyRule(resource_name: str,
opts: Optional[ResourceOptions] = None,
policy_id: Optional[str] = None,
cyral_policy_rule_id: Optional[str] = None,
deletes: Optional[Sequence[PolicyRuleDeleteArgs]] = None,
hosts: Optional[Sequence[str]] = None,
identities: Optional[PolicyRuleIdentitiesArgs] = None,
reads: Optional[Sequence[PolicyRuleReadArgs]] = None,
updates: Optional[Sequence[PolicyRuleUpdateArgs]] = None)func NewPolicyRule(ctx *Context, name string, args PolicyRuleArgs, opts ...ResourceOption) (*PolicyRule, error)public PolicyRule(string name, PolicyRuleArgs args, CustomResourceOptions? opts = null)
public PolicyRule(String name, PolicyRuleArgs args)
public PolicyRule(String name, PolicyRuleArgs args, CustomResourceOptions options)
type: cyral:PolicyRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args PolicyRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args PolicyRuleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args PolicyRuleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args PolicyRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args PolicyRuleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var policyRuleResource = new Cyral.PolicyRule("policyRuleResource", new()
{
PolicyId = "string",
CyralPolicyRuleId = "string",
Deletes = new[]
{
new Cyral.Inputs.PolicyRuleDeleteArgs
{
Datas = new[]
{
"string",
},
Rows = 0,
AdditionalChecks = "string",
DatasetRewrites = new[]
{
new Cyral.Inputs.PolicyRuleDeleteDatasetRewriteArgs
{
Dataset = "string",
Parameters = new[]
{
"string",
},
Repo = "string",
Substitution = "string",
},
},
RateLimit = 0,
Severity = "string",
},
},
Hosts = new[]
{
"string",
},
Identities = new Cyral.Inputs.PolicyRuleIdentitiesArgs
{
DbRoles = new[]
{
"string",
},
Groups = new[]
{
"string",
},
Services = new[]
{
"string",
},
Users = new[]
{
"string",
},
},
Reads = new[]
{
new Cyral.Inputs.PolicyRuleReadArgs
{
Datas = new[]
{
"string",
},
Rows = 0,
AdditionalChecks = "string",
DatasetRewrites = new[]
{
new Cyral.Inputs.PolicyRuleReadDatasetRewriteArgs
{
Dataset = "string",
Parameters = new[]
{
"string",
},
Repo = "string",
Substitution = "string",
},
},
RateLimit = 0,
Severity = "string",
},
},
Updates = new[]
{
new Cyral.Inputs.PolicyRuleUpdateArgs
{
Datas = new[]
{
"string",
},
Rows = 0,
AdditionalChecks = "string",
DatasetRewrites = new[]
{
new Cyral.Inputs.PolicyRuleUpdateDatasetRewriteArgs
{
Dataset = "string",
Parameters = new[]
{
"string",
},
Repo = "string",
Substitution = "string",
},
},
RateLimit = 0,
Severity = "string",
},
},
});
example, err := cyral.NewPolicyRule(ctx, "policyRuleResource", &cyral.PolicyRuleArgs{
PolicyId: pulumi.String("string"),
CyralPolicyRuleId: pulumi.String("string"),
Deletes: cyral.PolicyRuleDeleteArray{
&cyral.PolicyRuleDeleteArgs{
Datas: pulumi.StringArray{
pulumi.String("string"),
},
Rows: pulumi.Float64(0),
AdditionalChecks: pulumi.String("string"),
DatasetRewrites: cyral.PolicyRuleDeleteDatasetRewriteArray{
&cyral.PolicyRuleDeleteDatasetRewriteArgs{
Dataset: pulumi.String("string"),
Parameters: pulumi.StringArray{
pulumi.String("string"),
},
Repo: pulumi.String("string"),
Substitution: pulumi.String("string"),
},
},
RateLimit: pulumi.Float64(0),
Severity: pulumi.String("string"),
},
},
Hosts: pulumi.StringArray{
pulumi.String("string"),
},
Identities: &cyral.PolicyRuleIdentitiesArgs{
DbRoles: pulumi.StringArray{
pulumi.String("string"),
},
Groups: pulumi.StringArray{
pulumi.String("string"),
},
Services: pulumi.StringArray{
pulumi.String("string"),
},
Users: pulumi.StringArray{
pulumi.String("string"),
},
},
Reads: cyral.PolicyRuleReadArray{
&cyral.PolicyRuleReadArgs{
Datas: pulumi.StringArray{
pulumi.String("string"),
},
Rows: pulumi.Float64(0),
AdditionalChecks: pulumi.String("string"),
DatasetRewrites: cyral.PolicyRuleReadDatasetRewriteArray{
&cyral.PolicyRuleReadDatasetRewriteArgs{
Dataset: pulumi.String("string"),
Parameters: pulumi.StringArray{
pulumi.String("string"),
},
Repo: pulumi.String("string"),
Substitution: pulumi.String("string"),
},
},
RateLimit: pulumi.Float64(0),
Severity: pulumi.String("string"),
},
},
Updates: cyral.PolicyRuleUpdateArray{
&cyral.PolicyRuleUpdateArgs{
Datas: pulumi.StringArray{
pulumi.String("string"),
},
Rows: pulumi.Float64(0),
AdditionalChecks: pulumi.String("string"),
DatasetRewrites: cyral.PolicyRuleUpdateDatasetRewriteArray{
&cyral.PolicyRuleUpdateDatasetRewriteArgs{
Dataset: pulumi.String("string"),
Parameters: pulumi.StringArray{
pulumi.String("string"),
},
Repo: pulumi.String("string"),
Substitution: pulumi.String("string"),
},
},
RateLimit: pulumi.Float64(0),
Severity: pulumi.String("string"),
},
},
})
var policyRuleResource = new PolicyRule("policyRuleResource", PolicyRuleArgs.builder()
.policyId("string")
.cyralPolicyRuleId("string")
.deletes(PolicyRuleDeleteArgs.builder()
.datas("string")
.rows(0.0)
.additionalChecks("string")
.datasetRewrites(PolicyRuleDeleteDatasetRewriteArgs.builder()
.dataset("string")
.parameters("string")
.repo("string")
.substitution("string")
.build())
.rateLimit(0.0)
.severity("string")
.build())
.hosts("string")
.identities(PolicyRuleIdentitiesArgs.builder()
.dbRoles("string")
.groups("string")
.services("string")
.users("string")
.build())
.reads(PolicyRuleReadArgs.builder()
.datas("string")
.rows(0.0)
.additionalChecks("string")
.datasetRewrites(PolicyRuleReadDatasetRewriteArgs.builder()
.dataset("string")
.parameters("string")
.repo("string")
.substitution("string")
.build())
.rateLimit(0.0)
.severity("string")
.build())
.updates(PolicyRuleUpdateArgs.builder()
.datas("string")
.rows(0.0)
.additionalChecks("string")
.datasetRewrites(PolicyRuleUpdateDatasetRewriteArgs.builder()
.dataset("string")
.parameters("string")
.repo("string")
.substitution("string")
.build())
.rateLimit(0.0)
.severity("string")
.build())
.build());
policy_rule_resource = cyral.PolicyRule("policyRuleResource",
policy_id="string",
cyral_policy_rule_id="string",
deletes=[{
"datas": ["string"],
"rows": 0,
"additional_checks": "string",
"dataset_rewrites": [{
"dataset": "string",
"parameters": ["string"],
"repo": "string",
"substitution": "string",
}],
"rate_limit": 0,
"severity": "string",
}],
hosts=["string"],
identities={
"db_roles": ["string"],
"groups": ["string"],
"services": ["string"],
"users": ["string"],
},
reads=[{
"datas": ["string"],
"rows": 0,
"additional_checks": "string",
"dataset_rewrites": [{
"dataset": "string",
"parameters": ["string"],
"repo": "string",
"substitution": "string",
}],
"rate_limit": 0,
"severity": "string",
}],
updates=[{
"datas": ["string"],
"rows": 0,
"additional_checks": "string",
"dataset_rewrites": [{
"dataset": "string",
"parameters": ["string"],
"repo": "string",
"substitution": "string",
}],
"rate_limit": 0,
"severity": "string",
}])
const policyRuleResource = new cyral.PolicyRule("policyRuleResource", {
policyId: "string",
cyralPolicyRuleId: "string",
deletes: [{
datas: ["string"],
rows: 0,
additionalChecks: "string",
datasetRewrites: [{
dataset: "string",
parameters: ["string"],
repo: "string",
substitution: "string",
}],
rateLimit: 0,
severity: "string",
}],
hosts: ["string"],
identities: {
dbRoles: ["string"],
groups: ["string"],
services: ["string"],
users: ["string"],
},
reads: [{
datas: ["string"],
rows: 0,
additionalChecks: "string",
datasetRewrites: [{
dataset: "string",
parameters: ["string"],
repo: "string",
substitution: "string",
}],
rateLimit: 0,
severity: "string",
}],
updates: [{
datas: ["string"],
rows: 0,
additionalChecks: "string",
datasetRewrites: [{
dataset: "string",
parameters: ["string"],
repo: "string",
substitution: "string",
}],
rateLimit: 0,
severity: "string",
}],
});
type: cyral:PolicyRule
properties:
cyralPolicyRuleId: string
deletes:
- additionalChecks: string
datas:
- string
datasetRewrites:
- dataset: string
parameters:
- string
repo: string
substitution: string
rateLimit: 0
rows: 0
severity: string
hosts:
- string
identities:
dbRoles:
- string
groups:
- string
services:
- string
users:
- string
policyId: string
reads:
- additionalChecks: string
datas:
- string
datasetRewrites:
- dataset: string
parameters:
- string
repo: string
substitution: string
rateLimit: 0
rows: 0
severity: string
updates:
- additionalChecks: string
datas:
- string
datasetRewrites:
- dataset: string
parameters:
- string
repo: string
substitution: string
rateLimit: 0
rows: 0
severity: string
PolicyRule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The PolicyRule resource accepts the following input properties:
- Policy
Id string - The ID of the policy you are adding this rule to.
- Cyral
Policy stringRule Id - The ID of this resource.
- Deletes
List<Policy
Rule Delete> - A contexted rule for accesses of the type
delete. - Hosts List<string>
- Hosts specification that limits access to only those users connecting from a certain network location.
- Identities
Policy
Rule Identities - Identities specifies the people, applications, or groups this rule applies to. Every rule except your default rule has one. It can have 4 fields:
db_roles,groups,usersandservices. - Reads
List<Policy
Rule Read> - A contexted rule for accesses of the type
read. - Updates
List<Policy
Rule Update> - A contexted rule for accesses of the type
update.
- Policy
Id string - The ID of the policy you are adding this rule to.
- Cyral
Policy stringRule Id - The ID of this resource.
- Deletes
[]Policy
Rule Delete Args - A contexted rule for accesses of the type
delete. - Hosts []string
- Hosts specification that limits access to only those users connecting from a certain network location.
- Identities
Policy
Rule Identities Args - Identities specifies the people, applications, or groups this rule applies to. Every rule except your default rule has one. It can have 4 fields:
db_roles,groups,usersandservices. - Reads
[]Policy
Rule Read Args - A contexted rule for accesses of the type
read. - Updates
[]Policy
Rule Update Args - A contexted rule for accesses of the type
update.
- policy
Id String - The ID of the policy you are adding this rule to.
- cyral
Policy StringRule Id - The ID of this resource.
- deletes
List<Policy
Rule Delete> - A contexted rule for accesses of the type
delete. - hosts List<String>
- Hosts specification that limits access to only those users connecting from a certain network location.
- identities
Policy
Rule Identities - Identities specifies the people, applications, or groups this rule applies to. Every rule except your default rule has one. It can have 4 fields:
db_roles,groups,usersandservices. - reads
List<Policy
Rule Read> - A contexted rule for accesses of the type
read. - updates
List<Policy
Rule Update> - A contexted rule for accesses of the type
update.
- policy
Id string - The ID of the policy you are adding this rule to.
- cyral
Policy stringRule Id - The ID of this resource.
- deletes
Policy
Rule Delete[] - A contexted rule for accesses of the type
delete. - hosts string[]
- Hosts specification that limits access to only those users connecting from a certain network location.
- identities
Policy
Rule Identities - Identities specifies the people, applications, or groups this rule applies to. Every rule except your default rule has one. It can have 4 fields:
db_roles,groups,usersandservices. - reads
Policy
Rule Read[] - A contexted rule for accesses of the type
read. - updates
Policy
Rule Update[] - A contexted rule for accesses of the type
update.
- policy_
id str - The ID of the policy you are adding this rule to.
- cyral_
policy_ strrule_ id - The ID of this resource.
- deletes
Sequence[Policy
Rule Delete Args] - A contexted rule for accesses of the type
delete. - hosts Sequence[str]
- Hosts specification that limits access to only those users connecting from a certain network location.
- identities
Policy
Rule Identities Args - Identities specifies the people, applications, or groups this rule applies to. Every rule except your default rule has one. It can have 4 fields:
db_roles,groups,usersandservices. - reads
Sequence[Policy
Rule Read Args] - A contexted rule for accesses of the type
read. - updates
Sequence[Policy
Rule Update Args] - A contexted rule for accesses of the type
update.
- policy
Id String - The ID of the policy you are adding this rule to.
- cyral
Policy StringRule Id - The ID of this resource.
- deletes List<Property Map>
- A contexted rule for accesses of the type
delete. - hosts List<String>
- Hosts specification that limits access to only those users connecting from a certain network location.
- identities Property Map
- Identities specifies the people, applications, or groups this rule applies to. Every rule except your default rule has one. It can have 4 fields:
db_roles,groups,usersandservices. - reads List<Property Map>
- A contexted rule for accesses of the type
read. - updates List<Property Map>
- A contexted rule for accesses of the type
update.
Outputs
All input properties are implicitly available as output properties. Additionally, the PolicyRule resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Policy
Rule stringId - The ID of the policy rule.
- Id string
- The provider-assigned unique ID for this managed resource.
- Policy
Rule stringId - The ID of the policy rule.
- id String
- The provider-assigned unique ID for this managed resource.
- policy
Rule StringId - The ID of the policy rule.
- id string
- The provider-assigned unique ID for this managed resource.
- policy
Rule stringId - The ID of the policy rule.
- id str
- The provider-assigned unique ID for this managed resource.
- policy_
rule_ strid - The ID of the policy rule.
- id String
- The provider-assigned unique ID for this managed resource.
- policy
Rule StringId - The ID of the policy rule.
Look up Existing PolicyRule Resource
Get an existing PolicyRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: PolicyRuleState, opts?: CustomResourceOptions): PolicyRule@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
cyral_policy_rule_id: Optional[str] = None,
deletes: Optional[Sequence[PolicyRuleDeleteArgs]] = None,
hosts: Optional[Sequence[str]] = None,
identities: Optional[PolicyRuleIdentitiesArgs] = None,
policy_id: Optional[str] = None,
policy_rule_id: Optional[str] = None,
reads: Optional[Sequence[PolicyRuleReadArgs]] = None,
updates: Optional[Sequence[PolicyRuleUpdateArgs]] = None) -> PolicyRulefunc GetPolicyRule(ctx *Context, name string, id IDInput, state *PolicyRuleState, opts ...ResourceOption) (*PolicyRule, error)public static PolicyRule Get(string name, Input<string> id, PolicyRuleState? state, CustomResourceOptions? opts = null)public static PolicyRule get(String name, Output<String> id, PolicyRuleState state, CustomResourceOptions options)resources: _: type: cyral:PolicyRule get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Cyral
Policy stringRule Id - The ID of this resource.
- Deletes
List<Policy
Rule Delete> - A contexted rule for accesses of the type
delete. - Hosts List<string>
- Hosts specification that limits access to only those users connecting from a certain network location.
- Identities
Policy
Rule Identities - Identities specifies the people, applications, or groups this rule applies to. Every rule except your default rule has one. It can have 4 fields:
db_roles,groups,usersandservices. - Policy
Id string - The ID of the policy you are adding this rule to.
- Policy
Rule stringId - The ID of the policy rule.
- Reads
List<Policy
Rule Read> - A contexted rule for accesses of the type
read. - Updates
List<Policy
Rule Update> - A contexted rule for accesses of the type
update.
- Cyral
Policy stringRule Id - The ID of this resource.
- Deletes
[]Policy
Rule Delete Args - A contexted rule for accesses of the type
delete. - Hosts []string
- Hosts specification that limits access to only those users connecting from a certain network location.
- Identities
Policy
Rule Identities Args - Identities specifies the people, applications, or groups this rule applies to. Every rule except your default rule has one. It can have 4 fields:
db_roles,groups,usersandservices. - Policy
Id string - The ID of the policy you are adding this rule to.
- Policy
Rule stringId - The ID of the policy rule.
- Reads
[]Policy
Rule Read Args - A contexted rule for accesses of the type
read. - Updates
[]Policy
Rule Update Args - A contexted rule for accesses of the type
update.
- cyral
Policy StringRule Id - The ID of this resource.
- deletes
List<Policy
Rule Delete> - A contexted rule for accesses of the type
delete. - hosts List<String>
- Hosts specification that limits access to only those users connecting from a certain network location.
- identities
Policy
Rule Identities - Identities specifies the people, applications, or groups this rule applies to. Every rule except your default rule has one. It can have 4 fields:
db_roles,groups,usersandservices. - policy
Id String - The ID of the policy you are adding this rule to.
- policy
Rule StringId - The ID of the policy rule.
- reads
List<Policy
Rule Read> - A contexted rule for accesses of the type
read. - updates
List<Policy
Rule Update> - A contexted rule for accesses of the type
update.
- cyral
Policy stringRule Id - The ID of this resource.
- deletes
Policy
Rule Delete[] - A contexted rule for accesses of the type
delete. - hosts string[]
- Hosts specification that limits access to only those users connecting from a certain network location.
- identities
Policy
Rule Identities - Identities specifies the people, applications, or groups this rule applies to. Every rule except your default rule has one. It can have 4 fields:
db_roles,groups,usersandservices. - policy
Id string - The ID of the policy you are adding this rule to.
- policy
Rule stringId - The ID of the policy rule.
- reads
Policy
Rule Read[] - A contexted rule for accesses of the type
read. - updates
Policy
Rule Update[] - A contexted rule for accesses of the type
update.
- cyral_
policy_ strrule_ id - The ID of this resource.
- deletes
Sequence[Policy
Rule Delete Args] - A contexted rule for accesses of the type
delete. - hosts Sequence[str]
- Hosts specification that limits access to only those users connecting from a certain network location.
- identities
Policy
Rule Identities Args - Identities specifies the people, applications, or groups this rule applies to. Every rule except your default rule has one. It can have 4 fields:
db_roles,groups,usersandservices. - policy_
id str - The ID of the policy you are adding this rule to.
- policy_
rule_ strid - The ID of the policy rule.
- reads
Sequence[Policy
Rule Read Args] - A contexted rule for accesses of the type
read. - updates
Sequence[Policy
Rule Update Args] - A contexted rule for accesses of the type
update.
- cyral
Policy StringRule Id - The ID of this resource.
- deletes List<Property Map>
- A contexted rule for accesses of the type
delete. - hosts List<String>
- Hosts specification that limits access to only those users connecting from a certain network location.
- identities Property Map
- Identities specifies the people, applications, or groups this rule applies to. Every rule except your default rule has one. It can have 4 fields:
db_roles,groups,usersandservices. - policy
Id String - The ID of the policy you are adding this rule to.
- policy
Rule StringId - The ID of the policy rule.
- reads List<Property Map>
- A contexted rule for accesses of the type
read. - updates List<Property Map>
- A contexted rule for accesses of the type
update.
Supporting Types
PolicyRuleDelete, PolicyRuleDeleteArgs
- Datas List<string>
- The data locations protected by this rule. Use
*if you want to defineanydata location. For more information, see the policy rules documentation. - Rows double
- The number of records (for example, rows or documents) that can be accessed/affected in a single statement. Use positive integer numbers to define how many records. If you want to define
anynumber of records, set to-1. - Additional
Checks string - Constraints on the data access specified in Rego. See Additional checks.
- Dataset
Rewrites List<PolicyRule Delete Dataset Rewrite> - Defines how requests should be rewritten in the case of policy violations. See Request rewriting.
- Rate
Limit double - Rate Limit specifies the limit of calls that a user can make within a given time period.
- Severity string
- severity level that's recorded when someone violate this rule. This is an informational value. Settings: (
low|medium|high). If not specified, the severity is considered to be low.
- Datas []string
- The data locations protected by this rule. Use
*if you want to defineanydata location. For more information, see the policy rules documentation. - Rows float64
- The number of records (for example, rows or documents) that can be accessed/affected in a single statement. Use positive integer numbers to define how many records. If you want to define
anynumber of records, set to-1. - Additional
Checks string - Constraints on the data access specified in Rego. See Additional checks.
- Dataset
Rewrites []PolicyRule Delete Dataset Rewrite - Defines how requests should be rewritten in the case of policy violations. See Request rewriting.
- Rate
Limit float64 - Rate Limit specifies the limit of calls that a user can make within a given time period.
- Severity string
- severity level that's recorded when someone violate this rule. This is an informational value. Settings: (
low|medium|high). If not specified, the severity is considered to be low.
- datas List<String>
- The data locations protected by this rule. Use
*if you want to defineanydata location. For more information, see the policy rules documentation. - rows Double
- The number of records (for example, rows or documents) that can be accessed/affected in a single statement. Use positive integer numbers to define how many records. If you want to define
anynumber of records, set to-1. - additional
Checks String - Constraints on the data access specified in Rego. See Additional checks.
- dataset
Rewrites List<PolicyRule Delete Dataset Rewrite> - Defines how requests should be rewritten in the case of policy violations. See Request rewriting.
- rate
Limit Double - Rate Limit specifies the limit of calls that a user can make within a given time period.
- severity String
- severity level that's recorded when someone violate this rule. This is an informational value. Settings: (
low|medium|high). If not specified, the severity is considered to be low.
- datas string[]
- The data locations protected by this rule. Use
*if you want to defineanydata location. For more information, see the policy rules documentation. - rows number
- The number of records (for example, rows or documents) that can be accessed/affected in a single statement. Use positive integer numbers to define how many records. If you want to define
anynumber of records, set to-1. - additional
Checks string - Constraints on the data access specified in Rego. See Additional checks.
- dataset
Rewrites PolicyRule Delete Dataset Rewrite[] - Defines how requests should be rewritten in the case of policy violations. See Request rewriting.
- rate
Limit number - Rate Limit specifies the limit of calls that a user can make within a given time period.
- severity string
- severity level that's recorded when someone violate this rule. This is an informational value. Settings: (
low|medium|high). If not specified, the severity is considered to be low.
- datas Sequence[str]
- The data locations protected by this rule. Use
*if you want to defineanydata location. For more information, see the policy rules documentation. - rows float
- The number of records (for example, rows or documents) that can be accessed/affected in a single statement. Use positive integer numbers to define how many records. If you want to define
anynumber of records, set to-1. - additional_
checks str - Constraints on the data access specified in Rego. See Additional checks.
- dataset_
rewrites Sequence[PolicyRule Delete Dataset Rewrite] - Defines how requests should be rewritten in the case of policy violations. See Request rewriting.
- rate_
limit float - Rate Limit specifies the limit of calls that a user can make within a given time period.
- severity str
- severity level that's recorded when someone violate this rule. This is an informational value. Settings: (
low|medium|high). If not specified, the severity is considered to be low.
- datas List<String>
- The data locations protected by this rule. Use
*if you want to defineanydata location. For more information, see the policy rules documentation. - rows Number
- The number of records (for example, rows or documents) that can be accessed/affected in a single statement. Use positive integer numbers to define how many records. If you want to define
anynumber of records, set to-1. - additional
Checks String - Constraints on the data access specified in Rego. See Additional checks.
- dataset
Rewrites List<Property Map> - Defines how requests should be rewritten in the case of policy violations. See Request rewriting.
- rate
Limit Number - Rate Limit specifies the limit of calls that a user can make within a given time period.
- severity String
- severity level that's recorded when someone violate this rule. This is an informational value. Settings: (
low|medium|high). If not specified, the severity is considered to be low.
PolicyRuleDeleteDatasetRewrite, PolicyRuleDeleteDatasetRewriteArgs
- Dataset string
- The dataset that should be rewritten.In the case of Snowflake, this denotes a fully qualified table name in the form:
<database>.<schema>.<table> - Parameters List<string>
- The set of parameters used in the substitution request, these are references to fields in the activity log as described in the Additional Checks section.
- Repo string
- The name of the repository that the rewrite applies to.
- Substitution string
- The request used to substitute references to the dataset.
- Dataset string
- The dataset that should be rewritten.In the case of Snowflake, this denotes a fully qualified table name in the form:
<database>.<schema>.<table> - Parameters []string
- The set of parameters used in the substitution request, these are references to fields in the activity log as described in the Additional Checks section.
- Repo string
- The name of the repository that the rewrite applies to.
- Substitution string
- The request used to substitute references to the dataset.
- dataset String
- The dataset that should be rewritten.In the case of Snowflake, this denotes a fully qualified table name in the form:
<database>.<schema>.<table> - parameters List<String>
- The set of parameters used in the substitution request, these are references to fields in the activity log as described in the Additional Checks section.
- repo String
- The name of the repository that the rewrite applies to.
- substitution String
- The request used to substitute references to the dataset.
- dataset string
- The dataset that should be rewritten.In the case of Snowflake, this denotes a fully qualified table name in the form:
<database>.<schema>.<table> - parameters string[]
- The set of parameters used in the substitution request, these are references to fields in the activity log as described in the Additional Checks section.
- repo string
- The name of the repository that the rewrite applies to.
- substitution string
- The request used to substitute references to the dataset.
- dataset str
- The dataset that should be rewritten.In the case of Snowflake, this denotes a fully qualified table name in the form:
<database>.<schema>.<table> - parameters Sequence[str]
- The set of parameters used in the substitution request, these are references to fields in the activity log as described in the Additional Checks section.
- repo str
- The name of the repository that the rewrite applies to.
- substitution str
- The request used to substitute references to the dataset.
- dataset String
- The dataset that should be rewritten.In the case of Snowflake, this denotes a fully qualified table name in the form:
<database>.<schema>.<table> - parameters List<String>
- The set of parameters used in the substitution request, these are references to fields in the activity log as described in the Additional Checks section.
- repo String
- The name of the repository that the rewrite applies to.
- substitution String
- The request used to substitute references to the dataset.
PolicyRuleIdentities, PolicyRuleIdentitiesArgs
PolicyRuleRead, PolicyRuleReadArgs
- Datas List<string>
- The data locations protected by this rule. Use
*if you want to defineanydata location. For more information, see the policy rules documentation. - Rows double
- The number of records (for example, rows or documents) that can be accessed/affected in a single statement. Use positive integer numbers to define how many records. If you want to define
anynumber of records, set to-1. - Additional
Checks string - Constraints on the data access specified in Rego. See Additional checks.
- Dataset
Rewrites List<PolicyRule Read Dataset Rewrite> - Defines how requests should be rewritten in the case of policy violations. See Request rewriting.
- Rate
Limit double - Rate Limit specifies the limit of calls that a user can make within a given time period.
- Severity string
- severity level that's recorded when someone violate this rule. This is an informational value. Settings: (
low|medium|high). If not specified, the severity is considered to be low.
- Datas []string
- The data locations protected by this rule. Use
*if you want to defineanydata location. For more information, see the policy rules documentation. - Rows float64
- The number of records (for example, rows or documents) that can be accessed/affected in a single statement. Use positive integer numbers to define how many records. If you want to define
anynumber of records, set to-1. - Additional
Checks string - Constraints on the data access specified in Rego. See Additional checks.
- Dataset
Rewrites []PolicyRule Read Dataset Rewrite - Defines how requests should be rewritten in the case of policy violations. See Request rewriting.
- Rate
Limit float64 - Rate Limit specifies the limit of calls that a user can make within a given time period.
- Severity string
- severity level that's recorded when someone violate this rule. This is an informational value. Settings: (
low|medium|high). If not specified, the severity is considered to be low.
- datas List<String>
- The data locations protected by this rule. Use
*if you want to defineanydata location. For more information, see the policy rules documentation. - rows Double
- The number of records (for example, rows or documents) that can be accessed/affected in a single statement. Use positive integer numbers to define how many records. If you want to define
anynumber of records, set to-1. - additional
Checks String - Constraints on the data access specified in Rego. See Additional checks.
- dataset
Rewrites List<PolicyRule Read Dataset Rewrite> - Defines how requests should be rewritten in the case of policy violations. See Request rewriting.
- rate
Limit Double - Rate Limit specifies the limit of calls that a user can make within a given time period.
- severity String
- severity level that's recorded when someone violate this rule. This is an informational value. Settings: (
low|medium|high). If not specified, the severity is considered to be low.
- datas string[]
- The data locations protected by this rule. Use
*if you want to defineanydata location. For more information, see the policy rules documentation. - rows number
- The number of records (for example, rows or documents) that can be accessed/affected in a single statement. Use positive integer numbers to define how many records. If you want to define
anynumber of records, set to-1. - additional
Checks string - Constraints on the data access specified in Rego. See Additional checks.
- dataset
Rewrites PolicyRule Read Dataset Rewrite[] - Defines how requests should be rewritten in the case of policy violations. See Request rewriting.
- rate
Limit number - Rate Limit specifies the limit of calls that a user can make within a given time period.
- severity string
- severity level that's recorded when someone violate this rule. This is an informational value. Settings: (
low|medium|high). If not specified, the severity is considered to be low.
- datas Sequence[str]
- The data locations protected by this rule. Use
*if you want to defineanydata location. For more information, see the policy rules documentation. - rows float
- The number of records (for example, rows or documents) that can be accessed/affected in a single statement. Use positive integer numbers to define how many records. If you want to define
anynumber of records, set to-1. - additional_
checks str - Constraints on the data access specified in Rego. See Additional checks.
- dataset_
rewrites Sequence[PolicyRule Read Dataset Rewrite] - Defines how requests should be rewritten in the case of policy violations. See Request rewriting.
- rate_
limit float - Rate Limit specifies the limit of calls that a user can make within a given time period.
- severity str
- severity level that's recorded when someone violate this rule. This is an informational value. Settings: (
low|medium|high). If not specified, the severity is considered to be low.
- datas List<String>
- The data locations protected by this rule. Use
*if you want to defineanydata location. For more information, see the policy rules documentation. - rows Number
- The number of records (for example, rows or documents) that can be accessed/affected in a single statement. Use positive integer numbers to define how many records. If you want to define
anynumber of records, set to-1. - additional
Checks String - Constraints on the data access specified in Rego. See Additional checks.
- dataset
Rewrites List<Property Map> - Defines how requests should be rewritten in the case of policy violations. See Request rewriting.
- rate
Limit Number - Rate Limit specifies the limit of calls that a user can make within a given time period.
- severity String
- severity level that's recorded when someone violate this rule. This is an informational value. Settings: (
low|medium|high). If not specified, the severity is considered to be low.
PolicyRuleReadDatasetRewrite, PolicyRuleReadDatasetRewriteArgs
- Dataset string
- The dataset that should be rewritten.In the case of Snowflake, this denotes a fully qualified table name in the form:
<database>.<schema>.<table> - Parameters List<string>
- The set of parameters used in the substitution request, these are references to fields in the activity log as described in the Additional Checks section.
- Repo string
- The name of the repository that the rewrite applies to.
- Substitution string
- The request used to substitute references to the dataset.
- Dataset string
- The dataset that should be rewritten.In the case of Snowflake, this denotes a fully qualified table name in the form:
<database>.<schema>.<table> - Parameters []string
- The set of parameters used in the substitution request, these are references to fields in the activity log as described in the Additional Checks section.
- Repo string
- The name of the repository that the rewrite applies to.
- Substitution string
- The request used to substitute references to the dataset.
- dataset String
- The dataset that should be rewritten.In the case of Snowflake, this denotes a fully qualified table name in the form:
<database>.<schema>.<table> - parameters List<String>
- The set of parameters used in the substitution request, these are references to fields in the activity log as described in the Additional Checks section.
- repo String
- The name of the repository that the rewrite applies to.
- substitution String
- The request used to substitute references to the dataset.
- dataset string
- The dataset that should be rewritten.In the case of Snowflake, this denotes a fully qualified table name in the form:
<database>.<schema>.<table> - parameters string[]
- The set of parameters used in the substitution request, these are references to fields in the activity log as described in the Additional Checks section.
- repo string
- The name of the repository that the rewrite applies to.
- substitution string
- The request used to substitute references to the dataset.
- dataset str
- The dataset that should be rewritten.In the case of Snowflake, this denotes a fully qualified table name in the form:
<database>.<schema>.<table> - parameters Sequence[str]
- The set of parameters used in the substitution request, these are references to fields in the activity log as described in the Additional Checks section.
- repo str
- The name of the repository that the rewrite applies to.
- substitution str
- The request used to substitute references to the dataset.
- dataset String
- The dataset that should be rewritten.In the case of Snowflake, this denotes a fully qualified table name in the form:
<database>.<schema>.<table> - parameters List<String>
- The set of parameters used in the substitution request, these are references to fields in the activity log as described in the Additional Checks section.
- repo String
- The name of the repository that the rewrite applies to.
- substitution String
- The request used to substitute references to the dataset.
PolicyRuleUpdate, PolicyRuleUpdateArgs
- Datas List<string>
- The data locations protected by this rule. Use
*if you want to defineanydata location. For more information, see the policy rules documentation. - Rows double
- The number of records (for example, rows or documents) that can be accessed/affected in a single statement. Use positive integer numbers to define how many records. If you want to define
anynumber of records, set to-1. - Additional
Checks string - Constraints on the data access specified in Rego. See Additional checks.
- Dataset
Rewrites List<PolicyRule Update Dataset Rewrite> - Defines how requests should be rewritten in the case of policy violations. See Request rewriting.
- Rate
Limit double - Rate Limit specifies the limit of calls that a user can make within a given time period.
- Severity string
- severity level that's recorded when someone violate this rule. This is an informational value. Settings: (
low|medium|high). If not specified, the severity is considered to be low.
- Datas []string
- The data locations protected by this rule. Use
*if you want to defineanydata location. For more information, see the policy rules documentation. - Rows float64
- The number of records (for example, rows or documents) that can be accessed/affected in a single statement. Use positive integer numbers to define how many records. If you want to define
anynumber of records, set to-1. - Additional
Checks string - Constraints on the data access specified in Rego. See Additional checks.
- Dataset
Rewrites []PolicyRule Update Dataset Rewrite - Defines how requests should be rewritten in the case of policy violations. See Request rewriting.
- Rate
Limit float64 - Rate Limit specifies the limit of calls that a user can make within a given time period.
- Severity string
- severity level that's recorded when someone violate this rule. This is an informational value. Settings: (
low|medium|high). If not specified, the severity is considered to be low.
- datas List<String>
- The data locations protected by this rule. Use
*if you want to defineanydata location. For more information, see the policy rules documentation. - rows Double
- The number of records (for example, rows or documents) that can be accessed/affected in a single statement. Use positive integer numbers to define how many records. If you want to define
anynumber of records, set to-1. - additional
Checks String - Constraints on the data access specified in Rego. See Additional checks.
- dataset
Rewrites List<PolicyRule Update Dataset Rewrite> - Defines how requests should be rewritten in the case of policy violations. See Request rewriting.
- rate
Limit Double - Rate Limit specifies the limit of calls that a user can make within a given time period.
- severity String
- severity level that's recorded when someone violate this rule. This is an informational value. Settings: (
low|medium|high). If not specified, the severity is considered to be low.
- datas string[]
- The data locations protected by this rule. Use
*if you want to defineanydata location. For more information, see the policy rules documentation. - rows number
- The number of records (for example, rows or documents) that can be accessed/affected in a single statement. Use positive integer numbers to define how many records. If you want to define
anynumber of records, set to-1. - additional
Checks string - Constraints on the data access specified in Rego. See Additional checks.
- dataset
Rewrites PolicyRule Update Dataset Rewrite[] - Defines how requests should be rewritten in the case of policy violations. See Request rewriting.
- rate
Limit number - Rate Limit specifies the limit of calls that a user can make within a given time period.
- severity string
- severity level that's recorded when someone violate this rule. This is an informational value. Settings: (
low|medium|high). If not specified, the severity is considered to be low.
- datas Sequence[str]
- The data locations protected by this rule. Use
*if you want to defineanydata location. For more information, see the policy rules documentation. - rows float
- The number of records (for example, rows or documents) that can be accessed/affected in a single statement. Use positive integer numbers to define how many records. If you want to define
anynumber of records, set to-1. - additional_
checks str - Constraints on the data access specified in Rego. See Additional checks.
- dataset_
rewrites Sequence[PolicyRule Update Dataset Rewrite] - Defines how requests should be rewritten in the case of policy violations. See Request rewriting.
- rate_
limit float - Rate Limit specifies the limit of calls that a user can make within a given time period.
- severity str
- severity level that's recorded when someone violate this rule. This is an informational value. Settings: (
low|medium|high). If not specified, the severity is considered to be low.
- datas List<String>
- The data locations protected by this rule. Use
*if you want to defineanydata location. For more information, see the policy rules documentation. - rows Number
- The number of records (for example, rows or documents) that can be accessed/affected in a single statement. Use positive integer numbers to define how many records. If you want to define
anynumber of records, set to-1. - additional
Checks String - Constraints on the data access specified in Rego. See Additional checks.
- dataset
Rewrites List<Property Map> - Defines how requests should be rewritten in the case of policy violations. See Request rewriting.
- rate
Limit Number - Rate Limit specifies the limit of calls that a user can make within a given time period.
- severity String
- severity level that's recorded when someone violate this rule. This is an informational value. Settings: (
low|medium|high). If not specified, the severity is considered to be low.
PolicyRuleUpdateDatasetRewrite, PolicyRuleUpdateDatasetRewriteArgs
- Dataset string
- The dataset that should be rewritten.In the case of Snowflake, this denotes a fully qualified table name in the form:
<database>.<schema>.<table> - Parameters List<string>
- The set of parameters used in the substitution request, these are references to fields in the activity log as described in the Additional Checks section.
- Repo string
- The name of the repository that the rewrite applies to.
- Substitution string
- The request used to substitute references to the dataset.
- Dataset string
- The dataset that should be rewritten.In the case of Snowflake, this denotes a fully qualified table name in the form:
<database>.<schema>.<table> - Parameters []string
- The set of parameters used in the substitution request, these are references to fields in the activity log as described in the Additional Checks section.
- Repo string
- The name of the repository that the rewrite applies to.
- Substitution string
- The request used to substitute references to the dataset.
- dataset String
- The dataset that should be rewritten.In the case of Snowflake, this denotes a fully qualified table name in the form:
<database>.<schema>.<table> - parameters List<String>
- The set of parameters used in the substitution request, these are references to fields in the activity log as described in the Additional Checks section.
- repo String
- The name of the repository that the rewrite applies to.
- substitution String
- The request used to substitute references to the dataset.
- dataset string
- The dataset that should be rewritten.In the case of Snowflake, this denotes a fully qualified table name in the form:
<database>.<schema>.<table> - parameters string[]
- The set of parameters used in the substitution request, these are references to fields in the activity log as described in the Additional Checks section.
- repo string
- The name of the repository that the rewrite applies to.
- substitution string
- The request used to substitute references to the dataset.
- dataset str
- The dataset that should be rewritten.In the case of Snowflake, this denotes a fully qualified table name in the form:
<database>.<schema>.<table> - parameters Sequence[str]
- The set of parameters used in the substitution request, these are references to fields in the activity log as described in the Additional Checks section.
- repo str
- The name of the repository that the rewrite applies to.
- substitution str
- The request used to substitute references to the dataset.
- dataset String
- The dataset that should be rewritten.In the case of Snowflake, this denotes a fully qualified table name in the form:
<database>.<schema>.<table> - parameters List<String>
- The set of parameters used in the substitution request, these are references to fields in the activity log as described in the Additional Checks section.
- repo String
- The name of the repository that the rewrite applies to.
- substitution String
- The request used to substitute references to the dataset.
Package Details
- Repository
- cyral cyralinc/terraform-provider-cyral
- License
- Notes
- This Pulumi package is based on the
cyralTerraform Provider.