Policy Schemas

List policy schemas

zones.policy_schemas.list(, ) -> PolicySchemaListResponse

GET/zones/{zone_id}/policy-schemas

Get a policy schema by version

zones.policy_schemas.retrieve(, ) -> SchemaVersionWithZoneInfo

GET/zones/{zone_id}/policy-schemas/{version}

Set the default policy schema for a zone

zones.policy_schemas.set_default(, ) -> SchemaVersionWithZoneInfo

PATCH/zones/{zone_id}/policy-schemas/{version}

ModelsExpand Collapse

class SchemaVersion: …

A versioned Cedar schema that defines the entity model, actions, and context shape used for policy evaluation. The schema contains the valid entity types (User, Application, Resource), their attributes, and the allowed attribute values. See the Credentials API spec for a full reference of entity attributes and valid values.

created_at: datetime

formatdate-time

status: Literal["active", "deprecated", "archived"]

Controls what can be done with this schema version:

"active" - new policy versions can be created and validated against it.
"deprecated" - superseded by a newer version but still accepts new policy versions.
"archived" - closed to new policy versions. Existing policy set versions pinned to this schema still evaluate normally.

Accepts one of the following:

"active"

"deprecated"

"archived"

updated_at: datetime

formatdate-time

version: str

archived_at: Optional[datetime]

formatdate-time

cedar_schema: Optional[str]

Cedar schema in human-readable syntax. Populated when format=cedar.

cedar_schema_json: Optional[object]

Cedar schema as JSON object. Populated when format=json (default).

deprecated_at: Optional[datetime]

formatdate-time

class SchemaVersionWithZoneInfo: …

is_default: bool

Whether this is the zone's default schema. Clients use this to pre-select which schema to write policies against. Has no effect on evaluation.