--- title: "Policy SDK reference" description: "Customer-hosted cloud features" --- # Policy SDK reference #### Customer-hosted cloud features :::note Some features are only available on customer-hosted clouds. Reach out to [support@anyscale.com](mailto:support@anyscale.com) for info. ::: ## Policy SDK ### `anyscale.policy.set` Set user group permission policy for a resource. For organization policies, resource\_id cannot be specified, the policy will be set for your current organization automatically. Valid role\_name values by resource type: **Cloud**: - `collaborator`: Read/write access (create, read, update, delete) - `readonly`: Read-only access **Project**: - `collaborator`: Read/write access (create, read, update) - `readonly`: Read-only access **Organization**: - `owner`: Full control (write + collaborator management) - `collaborator`: Read/write access to organization resources **Arguments** - **`resource_type` (str)**: Resource type ('cloud', 'project', or 'organization'). - **`config` ([PolicyConfig](#policyconfig))**: Policy configuration with role bindings. - **`resource_id` (str | None) = None**: Resource ID (e.g., cld\_abc123, prj\_xyz789). Required for 'cloud' and 'project' types, not allowed for 'organization'. #### Examples ::::tabs :::tab[Python] ```python import anyscale from anyscale.policy.models import PolicyConfig, PolicyBinding # Set policy for a cloud policy_config = PolicyConfig( bindings=[ PolicyBinding(role_name="collaborator", principals=["ug_abc123"]), PolicyBinding(role_name="readonly", principals=["ug_def456", "ug_ghi789"]), ] ) anyscale.policy.set( resource_type="cloud", resource_id="cld_abc123", config=policy_config, ) # Set policy for your organization (no resource_id needed) org_policy = PolicyConfig( bindings=[ PolicyBinding(role_name="owner", principals=["ug_admins"]), PolicyBinding(role_name="collaborator", principals=["ug_developers"]), ] ) anyscale.policy.set( resource_type="organization", config=org_policy, ) ``` ::: :::: ### `anyscale.policy.get` Get user group permission policy for a resource. For organization policies, resource\_id cannot be specified, the policy for your current organization will be returned automatically. Returns a Policy object with role bindings. **Arguments** - **`resource_type` (str)**: Resource type ('cloud', 'project', or 'organization'). - **`resource_id` (str | None) = None**: Resource ID (e.g., cld\_abc123, prj\_xyz789). Required for 'cloud' and 'project' types, not allowed for 'organization'. **Returns**: [Policy](#policy) #### Examples ::::tabs :::tab[Python] ```python import anyscale from anyscale.policy.models import Policy # Get policy for a cloud policy = anyscale.policy.get(resource_type="cloud", resource_id="cld_abc123") for binding in policy.bindings: print(f"{binding.role_name}: {binding.principals}") # Get policy for your organization (no resource_id needed) org_policy = anyscale.policy.get(resource_type="organization") for binding in org_policy.bindings: print(f"{binding.role_name}: {binding.principals}") ``` ::: :::: ### `anyscale.policy.list` List permission policies for all resources of a specific type. Returns a list of ResourcePolicy objects. **Arguments** - **`resource_type` (str)**: Resource type to list policies for ('cloud' or 'project'). **Returns**: List\[[ResourcePolicy](#resourcepolicy)\] #### Examples ::::tabs :::tab[Python] ```python import anyscale from anyscale.policy.models import ResourcePolicy policies = anyscale.policy.list(resource_type="cloud") for policy in policies: print(f"{policy.resource_id}: {policy.bindings}") ``` ::: :::: ## Policy models ### `Policy` Policy model representing the policy for a single resource. #### Fields - **`bindings` (List\[[PolicyBinding](#policybinding)\])**: List of role bindings for the policy. - **`sync_status` ([PolicySyncStatus](#policysyncstatus))**: Sync status of the policy (pending, success, or failed). #### Python Methods ```python def to_dict(self) -> Dict[str, Any] """Return a dictionary representation of the model.""" ``` #### Examples ::::tabs :::tab[Python] ```python import anyscale from anyscale.policy.models import Policy policy = anyscale.policy.get(resource_type="cloud", resource_id="cld_abc123") print(f"Sync status: {policy.sync_status}") for binding in policy.bindings: print(f"{binding.role_name}: {binding.principals}") ``` ::: :::: ### `PolicyBinding` A binding of a role to a list of principals (user group IDs). #### Fields - **`role_name` (str)**: The role name. For cloud/project policies use 'collaborator' or 'readonly'. For organization policies use 'owner' or 'collaborator'. - **`principals` (List\[str\])**: List of user group IDs that have this role. #### Python Methods ```python def to_dict(self) -> Dict[str, Any] """Return a dictionary representation of the model.""" ``` #### Examples ::::tabs :::tab[Python] ```python from anyscale.policy.models import PolicyBinding binding = PolicyBinding(role_name="collaborator", principals=["ug_abc123"]) ``` ::: :::: ### `PolicyConfig` Policy configuration with role bindings. #### Fields - **`bindings` (List\[[PolicyBinding](#policybinding)\])**: List of role bindings for the policy. #### Python Methods ```python def __init__(self, **fields) -> PolicyConfig """Construct a model with the provided field values set.""" def options(self, **fields) -> PolicyConfig """Return a copy of the model with the provided field values overwritten.""" def to_dict(self) -> Dict[str, Any] """Return a dictionary representation of the model.""" ``` #### Examples ::::tabs :::tab[YAML] ```yaml bindings: - role_name: collaborator principals: - ug_abc123 - role_name: readonly principals: - ug_def456 - ug_ghi789 ``` ::: :::tab[Python] ```python from anyscale.policy.models import PolicyBinding, PolicyConfig config = PolicyConfig( bindings=[ PolicyBinding(role_name="collaborator", principals=["ug_abc123"]), PolicyBinding(role_name="readonly", principals=["ug_def456", "ug_ghi789"]), ] ) ``` ::: :::: ### `PolicySyncStatus` Sync status for resource permission policies. #### Values - **`pending`**: Policy is pending synchronization. - **`success`**: Policy has been successfully synchronized. - **`failed`**: Policy synchronization has failed. ### `ResourcePolicy` Resource policy model representing permissions for a resource. #### Fields - **`resource_id` (str)**: The ID of the resource. - **`resource_type` (str)**: The type of the resource (e.g., 'cloud', 'project'). - **`bindings` (List\[[PolicyBinding](#policybinding)\])**: List of role bindings for the policy. - **`sync_status` ([PolicySyncStatus](#policysyncstatus))**: Sync status of the policy (pending, success, or failed). #### Python Methods ```python def to_dict(self) -> Dict[str, Any] """Return a dictionary representation of the model.""" ``` #### Examples ::::tabs :::tab[Python] ```python import anyscale from anyscale.policy.models import ResourcePolicy policies = anyscale.policy.list(resource_type="cloud") for policy in policies: print(f"{policy.resource_id}: {policy.bindings} (sync_status: {policy.sync_status})") ``` ::: :::: --- Previous: [Organization invitation](/reference/sdk/organization-invitation.md) | Next: [Project](/reference/sdk/project.md)