Permission Policy API
Copy for LLM
Copy page as Markdown for LLMs
View as Markdown
Open this page as Markdown
Open in ChatGPT
Get insights from ChatGPT
Open in Claude
Get insights from Claude
Connect to Cursor
Install MCP server on Cursor
Connect to VS Code
Install MCP server on VS Code

The operations shown here are used to set, list, or update your permissions policies through the Treasure Data REST API. You might not see the same behavior if your administrator has not enabled granular permissions for authentication. Contact your Customer Support Engineer to upgrade to the latest version.

GET /v3/access_control/policies

Retrieves a list of policies.

HTTP Verb	Resource	Description
GET	`/v3/access_control/policies`	Gets a list of policies

Request Body

Property Name	Value	Description
policy	object	Name of the policy

Sample Response

Status: 200 OK

    [
      {
        "id": 67,
        "account_id": 123,
        "name": "some_policy",
        "description": "written about the policy",
        "user_count": 3
      }
    ]

POST /v3/access_control/policies

Creates a policy.

HTTP Verb	Resource	Description
POST	`/v3/access_control/policies`	Creates a policy

URI Parameters

Parameter Name	Required	Type	Description
`policy`	Yes	object	Example:`{"policy": { "name": "name of policy", "description": "Description of policy" }`
`name`	Yes	string	Policy's name
`description`		string	Policy's description

Sample Request

{
  "policy": {
    "name": "some_policy",
    "description": "written about the policy"
  }
}

Sample Response

Status: 200 OK

{
  "id": 67,
  "account_id": 123,
  "name": "some_policy",
  "description": "written about the policy",
  "user_count": 3
}

GET /v3/access_control/policies/:policy_id

Retrieve information about a policy.

HTTP Verb	Resource	Description
GET	`/v3/access_control/policies/:policy_id`	Gets a specific policy

URI Parameters

Parameter Name	Required	Type	Description
`policy_id`	Yes	Integer	AccessControlPolicyIdExample: `67`

Sample Response

Status: 200 OK

{
  "id": 67,
  "account_id": 123,
  "name": "some_policy",
  "description": "written about the policy",
  "user_count": 3
}

PATCH /access_control/policies/:policy_id

Update information related to a policy.

HTTP Verb	Resource	Description
PATCH	`/v3/access_control/policies/:policy_id`	Updates a specific policy

URI Parameters

Parameter Name

| Required| Type| Description ---|---|---|--- policy_id| Yes| Integer| AccessControlPolicyIdExample: 67 policy| Yes| Object| TBD

Request Body

Property Name	Value	Description
policy	object	Name of the policy

Sample Request

{
  "policy": {
    "name": "some_policy",
    "description": "written about the policy"
  }
}

Sample Response

Status: 200 OK

{
  "id": 67,
  "account_id": 123,
  "name": "some_policy",
  "description": "written about the policy",
  "user_count": 3
}

DELETE /v3/access_control/policies/:policy_id

Delete a policy.

HTTP Verb	Resource	Description
DELETE	`/v3/access_control/policies/:policy_id`	Deletes a specific policy

URI Parameters

Parameter Name	Required	Type	Description
`policy_id`	Yes	Integer	AccessControlPolicyIdExample: `67`

Sample Response

{
  "id": 67,
  "account_id": 123,
  "name": "some_policy",
  "description": "written about the policy",
  "user_count": 3
}

GET /v3/access_control/users/:user_id/policies

List policies per user.

HTTP Verb	Resouce	Description
GET	`/v3/access_control/users/:user_id/policies`	Gets a list of policies by user

URI Parameters

Parameter Name	Required	Type	Description
`user_id`	Yes	integer	UserIdExample: `123`

Sample Response

Status: 200 OK

[
  {
    "id": 67,
    "account_id": 123,
    "name": "some_policy",
    "description": "written about the policy",
    "user_count": 3
  }
]

PATCH /v3/access_control/users/:user_id/policies

Update a user’s policies.

HTTP Verb	Resource	Description
PATCH	`/v3/access_control/users/:user_id/policies`	Updates a user’s policies

URI Parameters

Parameter Name	Required	Type	Description
`user_id`	Yes	integer	UserIdExample: `123`

Request Body

Property Name	Value	Description
policy_ids	array of string	List of policies

Sample Request

{
  "policy_ids": [
    "1",
    "2",
    "42"
  ]
}

Sample Response

Status: 200 OK

[
  {
    "id": 67,
    "account_id": 123,
    "name": "some_policy",
    "description": "written about the policy",
    "user_count": 3
  }
]

POST /v3/access_control/users/:user_id/policies/:policy_id

Attach a policy to a user.

HTTP Verb	Resource	Description
POST	`/v3/access_control/users/:user_id/policies/:policy_id`	Attaches a policy to a user

URI Parameters

Parameter Name	Required	Type	Description
`user_id`	Yes	integer	UserIdExample: `123`
`policy_id`	Yes	integer	Example: `67`

Sample Response

Status: 200 OK

{
  "id": 67,
  "account_id": 123,
  "name": "some_policy",
  "description": "written about the policy",
  "user_count": 3
}

DELETE /v3/access_control/users/:user_id/policies/:policy_id

Delete a user’s policies.

HTTP Verb	Resource	Description
DELETE	`/v3/access_control/users/:user_id/policies/:policy_id`	Deletes a user’s policies

URI Parameters

Parameter Name	Required	Type	Description
`user_id`	Yes	integer	UserIdExample: `123`
`policy_id`	Yes	integer	Example: `67`

Sample Response

{
  "id": 67,
  "account_id": 123,
  "name": "some_policy",
  "description": "written about the policy",
  "user_count": 3
}

POST /v3/access_control/policies/:policy_id/users/:user_id

Attach a user to a specific policy.

HTTP Verb	Resource	Description
POST	`/v3/access_control/policies/:policy_id/users/:user_id`	Attaches a user to a policy.

URI Parameters

Parameter Name	Required	Type	Description
`policy_id`	Yes	integer	AccessControlPolicyIdExample: `67`
`user_id`	Yes	Integer	UseridExample: 123

Sample Response

Status: 200 OK

{
  "id": 67,
  "account_id": 123,
  "name": "some_policy",
  "description": "written about the policy",
  "user_count": 3
}

DELETE /v3/access_control/policies/:policy_id/users/:user_id

Detach a user from a specific policy.

HTTP Verb	Resource	Description
DELETE	`/v3/access_control/policies/:policy_id/users/:user_id`	Deletes a user from a policy

URI Parameters

Parameter Name	Required	Type	Description
`policy_id`	Yes	integer	AccessControlPolicyIdExample: `67`
`user_id`	Yes	Integer	UseridExample: 123

Sample Response

Status: 200 OK

{
  "id": 67,
  "account_id": 123,
  "name": "some_policy",
  "description": "written about the policy",
  "user_count": 3
}

GET /v3/access_control/permissions

List all permissions.

HTTP Verb	Resource	Description
GET	`/v3/access_control/permissions`	Lists all permissions

Sample Response

Status: 200 OK

[
  {
    "id": 0,
    "permission_set_id": 0,
    "resource_type": "string",
    "filter_expression": "string",
    "filter_operator": "string",
    "filter_value": "string",
    "can_create": true,
    "can_read": true,
    "can_update": true,
    "can_delete": true,
    "can_execute": true,
    "custom_operation": "string"
  }
]

GET /v3/access_control/policies/:policy_id/permissions

List the permissions for a specific policy.

HTTP Verb	Resource	Description
GET	`/v3/access_control/policies/:policy_id/permissions`	Lists permissions for a policy

Parameter Name	Required	Type	Description
`policy_id`	Yes	integer	AccessControlPolicyIdExample: `67`

Sample Response

Status: 200 OK

{
  "WorkflowProject": [
    {
      "operation": "view"
    }
  ],
  "WorkflowProjectLevel": [
    {
      "operation": "view",
      "name": "my_wf"
    }
  ],
  "Segmentation": [
    {
      "operation": "full"
    }
  ],
  "MasterSegmentConfigs": [
    {
      "operation": "view"
    }
  ],
  "MasterSegmentConfig": [
    {
      "operation": "view",
      "id": "42"
    }
  ],
  "SegmentAllFolders": [
    {
      "operation": "view",
      "audience_id": "42"
    }
  ],
  "SegmentFolder": [
    {
      "operation": "view",
      "id": "42"
    }
  ],
  "Authentications": [
    {
      "operation": "use"
    }
  ],
  "Sources": [
    {
      "operation": "restricted"
    }
  ],
  "Destinations": [
    {
      "operation": "restricted"
    }
  ]
}

PATCH /v3/access_control/policies/:policy_id/permissions

Update the permissions for a specific policy.

HTTP Verb	Resource	Description
PATCH	`/v3/access_control/policies/:policy_id/permission`	Updates permissions for a policy

URI Parameter

Parameter Name	Required	Type	Description
`policy_id`	Yes	integer	AccessControlPolicyIdExample: `67`

Available Body Request Fields

Parameter Name	Value	Description	Example
WorkflowProject	Array of object	Designates "view", "run", or "edit" access to all workflows.	Example:operation (string)enum: "view" "run" "edit"name (string)
WorkflowProjectLevel	Array of object	Designates "view", "run", or "edit" access to a specific workflow project.	Example:operation (string)enum: `"view" "run" "edit"`name (string)
Segmentation	Array of object	Grants "full" access to all segmentations.	Example:operation (string)value: `"full"`
MasterSegmentConfigs	Array of object	Grants "view" or "edit" access to all master segment configs, or "full" access to all CDP-generated workflows.	Example:operation (string)enum: `"view" "edit"`
MasterSegmentConfig	Array of object	Grants "view" or "edit" access to specific master segment config, or "full" access to specific CDP-generated workflows.	Example:operation (string)enum: `"view" "edit"`id (string)
MasterSegmentColumn	Array of object	Grants permissions on a master segment column.	Example: operations (string)enum: "view_clear" "view_non_pii" "view_pii" "blocked"
MasterSegmentAllColumns	Array of object	Grants permissions on all columns of a master segment.	Example: operations (string)enum: "view_clear" "view_non_pii" "view_pii" "blocked_only_for_migration_purpose"
SegmentAllFolders	Array of object	Grants "view" or "edit" access to all segment folders.	Example:operation (string)enum: `"view" "edit"`audience_id (string)
SegmentFolder	Array of object	Grants "view" or "edit" access to a specific segment folder.	Example:operation (string)enum: `"view" "edit"`id (string)
Databases	Array of object	Grants “manage” access to all databases.Grants “owner_manage” access to owned databases.Grants “edit”, “query” and “import” to access specific databases with “ids”.Grants “download” to allow downloads of databases that have read permissions.	Example:operation (string)enum: “manage” “owner_manage” “edit” “query” “import”ids: (string, required when operation is “edit” “query” “import”)“1,2,3”
Authentications	Array of object	Grants "use" or "full" access to all authentications. Where "use" designates permissions to view authentications.	Example: operation (string)
enum: "use" "full" "owner_manage" "use_limited" ## Order is up to you
ids (string, required when `operation` is "use_limited")
"1, 2, 3"
Sources	Array of object	Sets "restricted" access to all sources.	Example: Describes what authority you have (only one type may be selected)Example:
operation (string)
enum: "restricted"
Destinations	Array of object	Grants "restricted" access to using destinations for result export.	Example:
operation (string)
enum: "restricted"

Sample Request

{
    "Authentications": [
        {
            "operation": "full"
        }
    ],
    "Sources": [
        {
            "operation": "restricted"
        }
    ],
    "Destinations": [
        {
            "operation": "restricted"
        }
    ]
}

Sample Response

Status: 200 OK

{
    "Authentications": [
        {
            "operation": "full"
        }
    ],
    "Sources": [
        {
            "operation": "restricted"
        }
    ],
    "Destinations": [
        {
            "operation": "restricted"
        }
    ]
}

GET /v3/access_control/users

Retrieve a list of users and their permissions.

HTTP Verb	Resource	Description
GET	`/v3/access_control/users`	Gets a list of users and their permissions

Sample Response

Status: 200 OK

[
  {
    "user_id": 123,
    "account_id": 123,
    "permissions": {
      "WorkflowProject": [
        {
          "operation": "view"
        }
      ],
      "WorkflowProjectLevel": [
        {
          "operation": "view",
          "name": "my_wf"
        }
      ],
      "Segmentation": [
        {
          "operation": "full"
        }
      ],
      "MasterSegmentConfigs": [
        {
          "operation": "view"
        }
      ],
      "MasterSegmentConfig": [
        {
          "operation": "view",
          "id": "42"
        }
      ],
      "SegmentAllFolders": [
        {
          "operation": "view",
          "audience_id": "42"
        }
      ],
      "SegmentFolder": [
        {
          "operation": "view",
          "id": "42"
        }
      ],
      "Authentications": [
        {
          "operation": "use"
        }
      ],
      "Sources": [
        {
          "operation": "restricted"
        }
      ],
      "Destinations": [
        {
          "operation": "restricted"
        }
      ]
    },
    "policies": [
      {
        "id": 67,
        "account_id": 123,
        "name": "some_policy",
        "description": "written about the policy",
        "user_count": 3
      }
    ]
  }
]

GET /v3/access_control/users/:user_id

Retrieve a specific user by ID.

HTTP Verb	Resource	Description
GET	`/v3/access_control/users/:user_id`	Gets a user

URI Parameter

Parameter Name	Required	Type	Description
`policy_id`	Yes	integer	AccessControlPolicyIdExample: `67`

Sample Response

Status: 200 OK

{
  "user_id": 123,
  "account_id": 123,
  "permissions": {
    "WorkflowProject": [
      {
        "operation": "view"
      }
    ],
    "WorkflowProjectLevel": [
      {
        "operation": "view",
        "name": "my_wf"
      }
    ],
    "Segmentation": [
      {
        "operation": "full"
      }
    ],
    "MasterSegmentConfigs": [
      {
        "operation": "view"
      }
    ],
    "MasterSegmentConfig": [
      {
        "operation": "view",
        "id": "42"
      }
    ],
    "SegmentAllFolders": [
      {
        "operation": "view",
        "audience_id": "42"
      }
    ],
    "SegmentFolder": [
      {
        "operation": "view",
        "id": "42"
      }
    ],
    "Authentications": [
      {
        "operation": "use"
      }
    ],
    "Sources": [
      {
        "operation": "restricted"
      }
    ],
    "Destinations": [
      {
        "operation": "restricted"
      }
    ]
  },
  "policies": [
    {
      "id": 67,
      "account_id": 123,
      "name": "some_policy",
      "description": "written about the policy",
      "user_count": 3
    }
  ]
}

PATCH /v3/access_control/users/:user_id/permissions

Update permissions for a specific user.

HTTP Verb	Resource	Description
PATCH	`/v3/access_control/users/:user_id/permissions`	Updates permissions

URI Parameters

Parameter Name	Required	Type	Description
`user_id`	Yes	Integer	UseridExample: 123

Request Body

Property Name	Value	Description
WorkflowProject	array of object	Example:operation (string)enum:`"view" "run" "edit"`property name (any)
WorkflowProjectLevel	array of object	Example:operation (string)enum:`"view" "run" "edit"`name (string)property name (any)

Sample Request

{
  "WorkflowProject": [
    {
      "operation": "view"
    }
  ],
  "WorkflowProjectLevel": [
    {
      "operation": "view",
      "name": "my_wf"
    }
  ]
}

Sample Response

Status: 200 OK

{
  "user_id": 123,
  "permissions": {
    "WorkflowProject": [
      {
        "operation": "view"
      }
    ],
    "WorkflowProjectLevel": [
      {
        "operation": "view",
        "name": "my_wf"
      }
    ],
    "Segmentation": [
      {
        "operation": "full"
      }
    ],
    "MasterSegmentConfigs": [
      {
        "operation": "view"
      }
    ],
    "MasterSegmentConfig": [
      {
        "operation": "view",
        "id": "42"
      }
    ],
    "SegmentAllFolders": [
      {
        "operation": "view",
        "audience_id": "42"
      }
    ],
    "SegmentFolder": [
      {
        "operation": "view",
        "id": "42"
      }
    ],
    "Authentications": [
      {
        "operation": "use"
      }
    ],
    "Sources": [
      {
        "operation": "restricted"
      }
    ],
    "Destinations": [
      {
        "operation": "restricted"
      }
    ]
  }
}

GET /v3/access_control/policies/:policy_id/users

Retrieve a list of users associated with a specific policy.

HTTP Verb	Resource	Description
GET	`/v3/access_control/policies/:policy_id/users`	Gets a list of users of a policy

URI Parameters

Parameter Name	Required	Type	Description
`policy_id`	Yes	integer	AccessControlPolicyIdExample: `67`

Sample Response

Status: 200 OK

[
  {
    "user_id": 123,
    "account_id": 123,
    "email": "jake@gmail.com",
    "name": "Jake Becker"
  }
]

PATCH /v3/access_control/policies/:policy_id/users

Update a list of users associated with a specific policy.

HTTP Verb	Resource	Description
PATCH	`/v3/access_control/policies/:policy_id/users`	Updates a list of users with a policy

URI Parameters

Parameter Name	Required	Type	Description
`policy_id`	Yes	integer	AccessControlPolicyIdExample: `67`

Request Body

Property Name	Value	Description
user_ids	array of integer	List of user IDs

Sample Request

{
  "user_ids": [
    123
  ]
}

Sample Response

Status: 200 OK

[
  {
    "user_id": 123,
    "account_id": 123,
    "permissions": {
      "WorkflowProject": [
        {
          "operation": "view"
        }
      ],
      "WorkflowProjectLevel": [
        {
          "operation": "view",
          "name": "my_wf"
        }
      ],
      "Segmentation": [
        {
          "operation": "full"
        }
      ],
      "MasterSegmentConfigs": [
        {
          "operation": "view"
        }
      ],
      "MasterSegmentConfig": [
        {
          "operation": "view",
          "id": "42"
        }
      ],
      "SegmentAllFolders": [
        {
          "operation": "view",
          "audience_id": "42"
        }
      ],
      "SegmentFolder": [
        {
          "operation": "view",
          "id": "42"
        }
      ],
      "Authentications": [
        {
          "operation": "use"
        }
      ],
      "Sources": [
        {
          "operation": "restricted"
        }
      ],
      "Destinations": [
        {
          "operation": "restricted"
        }
      ]
    },
    "policies": [
      {
        "id": 67,
        "account_id": 123,
        "name": "some_policy",
        "description": "written about the policy",
        "user_count": 3
      }
    ]
  }
]

GET /v3/access_control/policies/{policy_id}/column_permissions

Retrieve information related to a policy that contains column-level permissions.

HTTP Verb	Resource	Description
GET	`/access_control/policies/{policy_id}/column_permissions`	Retrieve information related to a policy that contains column-level permissions.

URI Parameters

Parameter Name	Required	Type	Description
`policy_id`	Yes	integer	AccessControlPolicyIdExample: `67`

Sample Response

{
  "tags": [
    "string"
  ],
  "except": true,
  "masking" : "hash"
}

GET /v3/access_control/policies?column_permissions_tag={tag}

Retrieve all policies that contain column tags.

HTTP Verb	Resource	Description
GET	`/v3/access_control/policies?column_permission_tag={tag}`	Retrieve all policies that contain column tags.

Sample Response

[
  {
    "id": 67,
    "account_id": 123,
    "name": "some_policy",
    "description": "written about the policy",
    "user_count": 3
  }
]

PATCH /v3/access_control/policies/{policy_id}/column_permissions

Update information related to a column-level access control policy.

Control Type	Description
Allow	A policy that allows access with “xxx, yyy, zzz” tags
Allow - Except	A policy that allows access to all columns with the exception of “aaa, bbb, ccc” tags
Mask	A policy that hides specified columns using modified content.

ALLOW

HTTP Verb	Resource	Description
PATCH	`/v3/access_control/policies/:policy_id/column_permissions`	Updates a specific policy to allow access to specific tags.

URI Parameters

Parameter Name	Required	Type	Description
`policy_id`	Yes	integer	policy_idExample: `6196842`

Sample Request

curl -X PATCH \
     -H "Authorization: TD1 ${TD1_KEY}" \
     -H "Content-Type: application/json" \
     -d '{"column_permissions":[ {"tags":["home-address"]} ]}'

Sample Response

[
  {
    "tags": [
      "home-address"
    ]
  }
]

ALLOW Except

HTTP Verb	Resource	Description
PATCH	`/v3/access_control/policies/:policy_id/column_permissions`	Updates a specific policy to allow access to specific tags.

URI Parameters

Parameter Name	Required	Type	Description
`policy_id`	Yes	integer	policy_idExample: `6196842`

Sample Request

curl -X PATCH \
     -H "Authorization: TD1 ${TD1_KEY}" \
     -H "Content-Type: application/json" \
     -d '{"column_permissions":[ {"tags":["email-raw"], "except":true} ]}'

Sample Response

[
  {
    "tags": [
      "email-raw"
    ],
    "except": true
  }
]

MASKING

HTTP Verb	Resource	Description
PATCH	`/v3/access_control/policies/:policy_id/column_permissions`	Updates a specific policy to allow access to specific tags.

URI Parameters

Parameter Name	Required	Type	Description
`policy_id`	Yes	integer	policy_idExample: `6196842`

Sample Request

curl -X PATCH \
     -H "Authorization: TD1 ${TD1_KEY}" \
     -H "Content-Type: application/json" \
     -d '{"column_permissions":[ {"tags":["home-address"], "masking":"hash"} ]}'

Sample Response

[
  {
    "tags": [
      "home-address"
    ],
    "masking": "hash"
  }
]

Permission Policy APICopyCopy for LLMCopy page as Markdown for LLMsView as MarkdownOpen this page as MarkdownOpen in ChatGPTGet insights from ChatGPTOpen in ClaudeGet insights from ClaudeConnect to CursorInstall MCP server on CursorConnect to VS CodeInstall MCP server on VS Code

GET /v3/access_control/policies

Request Body

Sample Response

POST /v3/access_control/policies

Sample Request

Sample Response

GET /v3/access_control/policies/:policy_id

URI Parameters

Sample Response

PATCH /access_control/policies/:policy_id

URI Parameters

Parameter Name

Request Body

Sample Request

Sample Response

DELETE /v3/access_control/policies/:policy_id

URI Parameters

Sample Response

GET /v3/access_control/users/:user_id/policies

URI Parameters

Sample Response

PATCH /v3/access_control/users/:user_id/policies

URI Parameters

Request Body

Sample Request

Sample Response

POST /v3/access_control/users/:user_id/policies/:policy_id

URI Parameters

Sample Response

DELETE /v3/access_control/users/:user_id/policies/:policy_id

URI Parameters

Sample Response

POST /v3/access_control/policies/:policy_id/users/:user_id

URI Parameters

Sample Response

DELETE /v3/access_control/policies/:policy_id/users/:user_id

URI Parameters

Sample Response

GET /v3/access_control/permissions

Sample Response

GET /v3/access_control/policies/:policy_id/permissions

Sample Response

PATCH /v3/access_control/policies/:policy_id/permissions

URI Parameter

Available Body Request Fields

Sample Request

Sample Response

GET /v3/access_control/users

Sample Response

GET /v3/access_control/users/:user_id

URI Parameter

Sample Response

PATCH /v3/access_control/users/:user_id/permissions

URI Parameters

Request Body

Sample Request

Sample Response

GET /v3/access_control/policies/:policy_id/users

URI Parameters

Sample Response

PATCH /v3/access_control/policies/:policy_id/users

URI Parameters

Request Body

Sample Request

Sample Response

GET /v3/access_control/policies/{policy_id}/column_permissions

URI Parameters

Sample Response

GET /v3/access_control/policies?column_permissions_tag={tag}

Sample Response

PATCH /v3/access_control/policies/{policy_id}/column_permissions

ALLOW

URI Parameters

Sample Request

Sample Response

ALLOW Except

URI Parameters

Sample Request

Sample Response

Permission Policy API
Copy for LLM
Copy page as Markdown for LLMs
View as Markdown
Open this page as Markdown
Open in ChatGPT
Get insights from ChatGPT
Open in Claude
Get insights from Claude
Connect to Cursor
Install MCP server on Cursor
Connect to VS Code
Install MCP server on VS Code