Creating a Policy

Function

This API is used to create a device security policy.

Calling Method

For details, see Calling APIs.

URI

POST /v1/{project_id}/devices/security-policies

**Table 1** Path Parameters
Parameter	Mandatory	Type	Description
project_id	Yes	String	Project ID.

Request Parameters

**Table 2** Request body parameters
Parameter	Mandatory	Type	Description
config	Yes	ConfigInfo object	Policy configuration.
name	No	String	Policy name.
policy	Yes	Array of PolicyInfo objects	Policy information.
related_datasource_id	Yes	String	Associated database ID.
related_datasource_name	No	String	Associated database name.
related_datasource_type	No	String	Associated database type.
related_device_id	No	String	ID of the device that executes the policy.
resource	No	DeviceResourceInfo object	Information about resources associated with the security policy on the device.
target_datasource_id	No	String	Target database ID of the static data masking policy.
target_datasource_name	No	String	Target database name of the static data masking policy.
target_datasource_type	No	String	Target database type of the static data masking policy.
target_resource	No	DeviceResourceInfo object	Information about resources associated with the security policy on the device.
type	No	String	Policy type.

**Table 3** ConfigInfo
Parameter	Mandatory	Type	Description
ddm_config	No	DdmConfig object	Dynamic data masking policy.
dom_config	No	DomConfig object	Database O&M policy (not supported currently).
gde_config	No	GdeConfig object	Database encryption policy.
sdm_config	No	SdmConfig object	Static data masking policy.

**Table 4** DdmConfig
Parameter	Mandatory	Type	Description
proxy_port	No	Integer	Agent port.
zk_election_port	No	Integer	User-defined ZooKeeper election port, which is available only for big data (HBase and Hive).
zk_port	No	Integer	User-defined ZooKeeper port, which is available only for big data (HBase and Hive).

**Table 5** DomConfig
Parameter	Mandatory	Type	Description
deploy_mode	No	String	Deployment mode.

**Table 6** GdeConfig
Parameter	Mandatory	Type	Description
enc_mode	No	Integer	Encryption mode. 1: encryption, 2: decryption.
proxy_port	No	Integer	Agent port.

**Table 7** SdmConfig
Parameter	Mandatory	Type	Description
auto_rebuild_target	No	Boolean	Whether to rebuild the table.
clear_target	No	Boolean	Whether to clear the target table.
select_param	No	String	Value of the extraction mode.
select_type	No	String	Extraction type.
skip_dirty_data	No	Boolean	Whether to skip dirty data.

**Table 8** PolicyInfo
Parameter	Mandatory	Type	Description
dbss_policy	No	DbssPolicy object	Database audit policy.
ddm_policy	No	DdmPolicy object	Dynamic data masking policy.
dom_policy	No	DomPolicy object	Database O&M policy information.
gde_policy	No	GdePolicy object	Encryption policy.
sdm_policy	No	SdmPolicy object	Static data masking policy.

**Table 9** DbssPolicy
Parameter	Mandatory	Type	Description
data_mask	No	Boolean	Privacy data masking.
show_result	No	Boolean	Whether to display the result set.

**Table 10** DdmPolicy
Parameter	Mandatory	Type	Description
columns	No	Array of Column objects	Columns configured for the policy.
namespace	No	String	Namespace name.
table	No	String	Table name.

**Table 11** DomPolicy
Parameter	Mandatory	Type	Description
custom_policy	No	Boolean	Whether to use a custom policy.
data_audit	No	Boolean	Whether to perform data audit.
default_action	No	String	Default action of a policy, such as pass, block, and audit.
intelligent_protection_baseline	No	Boolean	Whether to enable the intelligent protection baseline.
virtual_patch	No	Boolean	Whether to use virtual patches.

**Table 12** GdePolicy
Parameter	Mandatory	Type	Description
action	No	Integer	1: encryption, 2: decryption.
alg	No	String	Encryption algorithm, which can be sm4, aes-128, or aes-256.
columns	No	Array of Column objects	Column information to be encrypted.
table	No	String	Table name.

**Table 13** SdmPolicy
Parameter	Mandatory	Type	Description
columns	No	Array of Column objects	Column information.
do_mask	No	Boolean	Whether to mask data.
do_move	No	Boolean	Whether to migrate data.
namespace	No	String	Namespace, which is only available for HBase.
table	No	String	Table name.

**Table 14** Column
Parameter	Mandatory	Type	Description
mask	No	Integer	Masking algorithm name or ID.
name	No	String	Column name.

**Table 15** DeviceResourceInfo
Parameter	Mandatory	Type	Description
account	No	String	Username.
address	No	String	Address.
address_type	No	String	Address type (IPv4 or IPv6).
case_sensitive	No	Boolean	\
database_name	No	String	Database name.
extra_params	No	String	Reserved field.
password	No	String	Password.
port	No	Integer	Port.
res_id	No	String	Database ID.
res_type	No	String	Database type.
res_version	No	String	Database version.

Response Parameters

Status code: 200

**Table 16** Response body parameters
Parameter	Type	Description
id	String	ID
msg	String	Message.
status	String	Response code.

Status code: 201

Resource being created.

Example Requests

POST /v1/{project_id}/devices/security-policies

{
  "config" : { },
  "name" : "string",
  "policy" : [ { } ],
  "related_datasource_id" : "string",
  "related_datasource_name" : "string",
  "related_datasource_type" : "string",
  "related_device_id" : "string",
  "resource" : { },
  "target_datasource_id" : "string",
  "target_datasource_name" : "string",
  "target_datasource_type" : "string",
  "target_resource" : { },
  "type" : "string"
}

Example Responses

None

Status Codes

Status Code	Description
200	Created.
201	Resource being created.
401	Unauthorized. The user is not logged in or the token is invalid.
403	Unauthorized to access the resource.
404	The specified project does not exist.