Skip to main content
PATCH
/
orgs
/
{org_id}
/
k2
/
{kb_id}
/
policies
/
{policy_id}
cURL
curl --request PATCH \
  --url https://api.timbal.ai/orgs/{org_id}/k2/{kb_id}/policies/{policy_id} \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "break_glass_allowed": true,
  "column_masks": {},
  "compliance_tags": [
    "<string>"
  ],
  "description": "<string>",
  "enabled": true,
  "external_id": "<string>",
  "labels": "<unknown>",
  "name": "<string>",
  "purpose_tags": [
    "<string>"
  ],
  "row_filter_dsl": "<unknown>",
  "table_name": "<string>"
}
'
{
  "break_glass_allowed": true,
  "compliance_tags": [
    "<string>"
  ],
  "created_at": "2023-11-07T05:31:56Z",
  "enabled": true,
  "id": "<string>",
  "kb_id": "<string>",
  "labels": {},
  "name": "<string>",
  "purpose_tags": [
    "<string>"
  ],
  "revision": 123,
  "row_filter_dsl": {},
  "updated_at": "2023-11-07T05:31:56Z",
  "column_masks": {},
  "description": "<string>",
  "external_id": "<string>",
  "table_name": "<string>"
}

Authorizations

Authorization
string
header
required

Timbal API key. Obtain your API key from the Timbal platform settings. See Authentication for more information.

Path Parameters

org_id
string
required
kb_id
string
required
policy_id
string
required

Body

application/json
audit_level
null | enum<string>

Audit verbosity for matches against this rule.

Available options:
none,
normal,
verbose
break_glass_allowed
boolean | null
column_masks
object

Omit to leave unchanged; send null to clear all masks.

compliance_tags
string[] | null
description
string | null

Omit to leave unchanged; send null to clear.

enabled
boolean | null
external_id
string | null
labels
any
name
string | null
purpose_tags
string[] | null
row_filter_dsl
any

Omit to leave unchanged; send null to clear the row filter.

source
null | enum<string>

Provenance of the rule.

Available options:
manual,
imported,
derived
table_name
string | null

Omit to leave unchanged; send null to apply to every table.

Response

Policy updated

audit_level
enum<string>
required

Audit verbosity for matches against this rule.

Available options:
none,
normal,
verbose
break_glass_allowed
boolean
required

Whether sessions may bypass the rule via a logged escalation.

compliance_tags
string[]
required

Compliance classifications (e.g. hipaa.phi, pci.pan).

created_at
string<date-time>
required
enabled
boolean
required

When false, the rule body is inactive everywhere it is bound.

id
string
required
kb_id
string
required
labels
object
required

Free-form key/value labels.

name
string
required

Operator-facing label.

purpose_tags
string[]
required

Purpose-of-use bindings (e.g. treatment, research).

revision
integer<int32>
required

Optimistic-concurrency token. Echo back via If-Match on mutations.

row_filter_dsl
object
required

Row predicate authored as JSON. Stored opaquely in this release.

source
enum<string>
required

Provenance of the rule.

Available options:
manual,
imported,
derived
updated_at
string<date-time>
required
column_masks
object

Per-column transformation map. Null means no masks. {"col": {"type":"redact"}} is the canonical "hide this column".

description
string | null
external_id
string | null
table_name
string | null

Target table within the knowledge base. Null applies to every table.