
/AWS1/IF_VPS=>UPDATEPOLICYTEMPLATE()

About UpdatePolicyTemplate

Updates the specified policy template. You can update only the description and some elements of the policyBody.

Changes you make to the policy template content are immediately (within the constraints of eventual consistency) reflected in authorization decisions that involve all template-linked policies instantiated from this template.

Verified Permissions is eventually consistent. It can take a few seconds for a new or changed element to propagate through the service and be visible in the results of other Verified Permissions operations.

Method Signature

METHODS /AWS1/IF_VPS~UPDATEPOLICYTEMPLATE
  IMPORTING
    !IV_POLICYSTOREID TYPE /AWS1/VPSPOLICYSTOREID OPTIONAL
    !IV_POLICYTEMPLATEID TYPE /AWS1/VPSPOLICYTEMPLATEID OPTIONAL
    !IV_DESCRIPTION TYPE /AWS1/VPSPOLICYTEMPLATEDESC OPTIONAL
    !IV_STATEMENT TYPE /AWS1/VPSPOLICYSTATEMENT OPTIONAL
    !IV_NAME TYPE /AWS1/VPSPOLICYTEMPLATENAME OPTIONAL
  RETURNING
    VALUE(OO_OUTPUT) TYPE REF TO /aws1/cl_vpsupdplytmploutput
  RAISING
    /AWS1/CX_VPSACCESSDENIEDEX
    /AWS1/CX_VPSINTERNALSERVEREX
    /AWS1/CX_VPSTHROTTLINGEX
    /AWS1/CX_VPSVALIDATIONEX
    /AWS1/CX_VPSCONFLICTEXCEPTION
    /AWS1/CX_VPSRESOURCENOTFOUNDEX
    /AWS1/CX_VPSCLIENTEXC
    /AWS1/CX_VPSSERVEREXC
    /AWS1/CX_RT_TECHNICAL_GENERIC
    /AWS1/CX_RT_SERVICE_GENERIC.

IMPORTING

Required arguments:

iv_policystoreid TYPE /AWS1/VPSPOLICYSTOREID

Specifies the ID of the policy store that contains the policy template that you want to update.

To specify a policy store, use its ID or alias name. When using an alias name, prefix it with policy-store-alias/. For example:

  • ID: PSEXAMPLEabcdefg111111

  • Alias name: policy-store-alias/example-policy-store

To view aliases, use ListPolicyStoreAliases.

iv_policytemplateid TYPE /AWS1/VPSPOLICYTEMPLATEID

Specifies the ID of the policy template that you want to update.

You can use the policy template name in place of the policy template ID. When using a name, prefix it with name/. For example:

  • ID: PTEXAMPLEabcdefg111111

  • Name: name/example-policy-template

iv_statement TYPE /AWS1/VPSPOLICYSTATEMENT

Specifies new statement content written in Cedar policy language to replace the current body of the policy template.

You can change only the following elements of the policy body:

  • The action referenced by the policy template.

  • Any conditional clauses, such as when or unless clauses.

You can't change the following elements:

  • The effect (permit or forbid) of the policy template.

  • The principal referenced by the policy template.

  • The resource referenced by the policy template.

Optional arguments:

iv_description TYPE /AWS1/VPSPOLICYTEMPLATEDESC

Specifies a new description to apply to the policy template.

iv_name TYPE /AWS1/VPSPOLICYTEMPLATENAME

Specifies a name for the policy template that is unique among all policy templates within the policy store. You can use the name in place of the policy template ID in API operations that reference the policy template. The name must be prefixed with name/.

If you don't include the name in an update request, the existing name is unchanged. To remove a name, set it to an empty string ("").

If you specify a name that is already associated with another policy template in the policy store, you receive a ConflictException error.

RETURNING

oo_output TYPE REF TO /AWS1/CL_VPSUPDPLYTMPLOUTPUT

Examples

Syntax Example

This is an example of the syntax for calling the method. It includes every possible argument and initializes every possible value. The data provided is not necessarily semantically accurate (for example the value "string" may be provided for something that is intended to be an instance ID, or in some cases two arguments may be mutually exclusive). The syntax shows the ABAP syntax for creating the various data structures.

DATA(lo_result) = lo_client->updatepolicytemplate(
  iv_description = |string|
  iv_name = |string|
  iv_policystoreid = |string|
  iv_policytemplateid = |string|
  iv_statement = |string|
).

This is an example of reading all possible response values.

" lo_result is the object returned by updatepolicytemplate( ) above.
IF lo_result IS NOT INITIAL.
  DATA(lv_policystoreid) = lo_result->get_policystoreid( ).
  DATA(lv_policytemplateid) = lo_result->get_policytemplateid( ).
  " Each timestamp gets its own variable so the second read does not overwrite the first.
  DATA(lv_createddate) = lo_result->get_createddate( ).
  DATA(lv_lastupdateddate) = lo_result->get_lastupdateddate( ).
ENDIF.

UpdatePolicyTemplate

The following example updates a policy template with both a new description and a new policy body. The effect, principal, and resource are the same as in the original policy template. Only the action in the head and the when and unless clauses can be different.

Note: The JSON values in the parameters of this operation are strings that can contain embedded quotation marks (") within the outermost quotation mark pair. This requires that you stringify the JSON object by preceding all embedded quotation marks with a backslash character ( \" ) and combining all lines into a single text line with no line breaks.

Example strings might be displayed wrapped across multiple lines here for readability, but the operation requires the parameters be submitted as single line strings.

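" "ResearchAccess" is this example's label for the statement. It is not Cedar
" syntax, so it is kept here as a comment and not sent in iv_statement.
" An ABAP string template cannot span source lines, and literal braces must be
" escaped as \{ and \}, so the Cedar text is concatenated into one string.
DATA(lo_result) = lo_client->updatepolicytemplate(
  iv_description = |My updated template description|
  iv_name = |name/example-policy-template-2|
  iv_policystoreid = |C7v5xMplfFH3i3e4Jrzb1a|
  iv_policytemplateid = |PTEXAMPLEabcdefg111111|
  iv_statement =
    |permit( | &&
    |principal in ?principal, | &&
    |action == Action::"view", | &&
    |resource in ?resource | &&
    |) | &&
    |when \{ | &&
    |principal has department && principal.department == "research" | &&
    |\};|
).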
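
Added example, not part of the AWS documentation or the SDK: a local pre-flight check for the iv_statement rule above. It compares the effect, principal clause and resource clause of the proposed body with the current one before calling updatepolicytemplate, because an accepted change is reflected in every template-linked policy. The report name, lcl_guard, the profile 'ZVPS_DEMO' and both sample statements are assumptions. Client creation follows the SDK's usual session and factory calls, and the check is a string heuristic, so the service's own validation remains the authority.

```abap
REPORT zvps_guarded_template_update.
" Added example. Assumed names: this report, lcl_guard, SDK profile 'ZVPS_DEMO'.
CLASS lcl_guard DEFINITION.
  PUBLIC SECTION.
    " Returns 'effect|principal clause|resource clause' of a Cedar policy head.
    CLASS-METHODS head_key IMPORTING iv_stmt       TYPE string
                           RETURNING VALUE(rv_key) TYPE string.
ENDCLASS.
CLASS lcl_guard IMPLEMENTATION.
  METHOD head_key.
    " Heuristic: assumes no ',' or ')' inside entity IDs in the policy head.
    DATA(lv_scope) = substring_before(
      val = substring_after( val = iv_stmt sub = `(` ) sub = `)` ).
    SPLIT lv_scope AT `,` INTO TABLE DATA(lt_parts).
    IF lines( lt_parts ) < 3.
      RETURN. " unrecognised head: the caller treats an empty key as a failure
    ENDIF.
    " First part is the principal clause, last part the resource clause.
    rv_key = condense( substring_before( val = iv_stmt sub = `(` ) ) && `|` &&
             condense( lt_parts[ 1 ] ) && `|` &&
             condense( lt_parts[ lines( lt_parts ) ] ).
  ENDMETHOD.
ENDCLASS.
START-OF-SELECTION.
  " Constructed sample: the template's current body and the proposed one.
  DATA(lv_old) = |permit( principal in ?principal, action == Action::"view", | &&
                 |resource in ?resource );|.
  DATA(lv_new) = |permit( principal in ?principal, action == Action::"view", | &&
                 |resource in ?resource ) when \{ principal has department && | &&
                 |principal.department == "research" \};|.
  DATA(lv_key_old) = lcl_guard=>head_key( lv_old ).
  DATA(lv_key_new) = lcl_guard=>head_key( lv_new ).
  IF lv_key_new IS INITIAL OR lv_key_new <> lv_key_old.
    WRITE / 'Not sent: effect, principal or resource clause differs.'.
    RETURN.
  ENDIF.
  TRY.
      DATA(lo_session) = /aws1/cl_rt_session_aws=>create( 'ZVPS_DEMO' ).
      DATA(lo_client) = /aws1/cl_vps_factory=>create( lo_session ).
      DATA(lo_result) = lo_client->updatepolicytemplate(
        iv_policystoreid    = |policy-store-alias/example-policy-store|
        iv_policytemplateid = |name/example-policy-template|
        iv_statement        = lv_new ).
      WRITE / |Updated template { lo_result->get_policytemplateid( ) }|.
    CATCH /aws1/cx_vpsresourcenotfoundex INTO DATA(lo_missing).
      WRITE / |Policy store or template not found: { lo_missing->get_text( ) }|.
    CATCH /aws1/cx_rt_service_generic /aws1/cx_rt_technical_generic INTO DATA(lo_err).
      WRITE / |Update failed: { lo_err->get_text( ) }|.
  ENDTRY.
```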