# V3 Create Policy

## Creates a policy

> Creates a new policy with dictionary references.\
> At the time of policy creation, the caller should only provide - contentTypes, name, scopes and type.\
> The rest of the information is populated automatically.\
> Note - You need to enable the policy after creation to start enforcing the policy.

```json
{"openapi":"3.0.1","info":{"title":"Agent API","version":"25.8.1"},"servers":[{"url":"youragentURL.symphony.com/agent"}],"paths":{"/v3/dlp/policies":{"post":{"tags":["DLP Policies and Dictionary Management"],"summary":"Creates a policy","description":"Creates a new policy with dictionary references.\nAt the time of policy creation, the caller should only provide - contentTypes, name, scopes and type.\nThe rest of the information is populated automatically.\nNote - You need to enable the policy after creation to start enforcing the policy.\n","parameters":[{"name":"sessionToken","in":"header","description":"Session authentication token.","required":true,"schema":{"type":"string"}},{"name":"keyManagerToken","in":"header","description":"Key Manager authentication token.","schema":{"type":"string"}}],"requestBody":{"description":"Details about the policy that should be created.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/V3DLPPolicyRequest"}}},"required":true},"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/V3DLPPolicyResponse"}}}},"400":{"description":"Client error, see response body for further details.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"401":{"description":"Unauthorized: Session tokens invalid.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"403":{"description":"Forbidden: Caller lacks necessary entitlement.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"500":{"description":"Server error, see response body for further details.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}}}}}},"components":{"schemas":{"V3DLPPolicyRequest":{"required":["appliesTo","name","scopes"],"type":"object","properties":{"name":{"type":"string","description":"Unique name of a policy, max 30 characters. Cannot be empty. 
All the leading and trailing blank spaces are trimmed.\n"},"scopes":{"type":"array","description":"List of communication scopes. Possible values are \"Internal\" (for Internal conversations) or \"External\" (for External conversations).\nYou can apply both scopes if you set it to [\"Internal\", \"External\"].\n","items":{"type":"string"}},"appliesTo":{"type":"array","items":{"$ref":"#/components/schemas/V3DLPPolicyAppliesTo"}}},"description":"Request to be used to get policies."},"V3DLPPolicyAppliesTo":{"required":["action","dataType","rules"],"type":"object","properties":{"dataType":{"type":"string","description":"The list of data types that policy should apply to. Can't be empty.\nCan be [\"Messages\",\"RoomMeta\", \"SignalMeta\", \"FileContent\", \"FileMeta\"].\n"},"action":{"type":"string","description":"Action to be taken on violation detection.\nCan be [\"Block\", \"Warn\", \"LogOnly\"]. The default is \"LogOnly\".\n"},"rules":{"type":"array","items":{"$ref":"#/components/schemas/V3DLPRule"}}}},"V3DLPRule":{"required":["name","type"],"type":"object","properties":{"id":{"type":"string"},"type":{"type":"string","description":"Type of a rule used by policy. Can be [\"UNKNOWN\", \"TEXT_MATCH\", \"FILE_EXTENSION\", \"FILE_SIZE\", \"FILE_PASSWORD\", \"FILE_CLASSIFIER\"]."},"name":{"type":"string","description":"Name for rule."},"textMatchConfig":{"$ref":"#/components/schemas/V3DLPTextMatchConfig"},"fileSizeConfig":{"$ref":"#/components/schemas/V3DLPFileSizeConfig"},"fileExtensionConfig":{"$ref":"#/components/schemas/V3DLPFileExtensionConfig"},"filePasswordConfig":{"$ref":"#/components/schemas/V3DLPFilePasswordConfig"},"fileClassifierConfig":{"$ref":"#/components/schemas/V3DLPFileClassifierConfig"}},"description":"A Rule defines the actual matching specification for policies. 
It holds a type and a configuration\nfor the rule, these properties should be used to build the corresponding matching implementation.\nOnly one of the configuration property should be set [textMatchConfig, fileSizeConfig, fileExtensionConfig, filePasswordConfig, fileClassifierConfig].\n"},"V3DLPTextMatchConfig":{"type":"object","required":["dictionaries","applicableFileTypes"],"properties":{"dictionaries":{"type":"array","items":{"$ref":"#/components/schemas/V3DLPDictionaryMeta"}},"countUniqueOccurrences":{"type":"integer","format":"int32"},"applicableFileTypes":{"type":"array","description":"File types must be applied only for rule type \"FileContent\", otherwise must be empty.\nCan be [\"PDF\", \"WORD\", \"EXCEL\", \"POWERPOINT\", \"ZIP\", \"CSV\", \"TXT\"].\n","items":{"type":"string"}}},"description":"This is a configuration that can be used to match text or regex.\nConfiguration that can be used by a rule. This is a configuration that can be used to match text or regex.\nThis configuration also corresponds to V2 TextMatch/RegexMatch of dictionaries.\n"},"V3DLPDictionaryMeta":{"required":["dictId","name","version"],"type":"object","properties":{"dictId":{"type":"string"},"version":{"type":"string"},"name":{"type":"string"}},"description":"Identity of a dictionary."},"V3DLPFileSizeConfig":{"type":"object","properties":{"sizeLimit":{"type":"integer","format":"int32"}},"description":"File size config defines maximum allowed size of file. 
Default max size limit is 20 MB."},"V3DLPFileExtensionConfig":{"required":["allowLists","blockLists"],"type":"object","properties":{"allowLists":{"type":"array","description":"File extensions that are allowed.","items":{"type":"string"}},"blockLists":{"type":"array","description":"File extensions that are blocked.","items":{"type":"string"}}},"description":"Extension detection config for allowed and blocked types of file extensions."},"V3DLPFilePasswordConfig":{"required":["applicableFileTypes","matchCriteria"],"type":"object","properties":{"applicableFileTypes":{"type":"array","description":"File types that can be applied. Can be [\"PDF\", \"WORD\", \"EXCEL\", \"POWERPOINT\", \"ZIP\", \"CSV\", \"TXT\"].","items":{"type":"string"}},"matchCriteria":{"type":"string","description":"Based on the criteria, whether a file is password protected or not means a match.\nCan be [\"PASSWORD_PROTECTED\", \"NOT_PASSWORD_PROTECTED\"]. The default is \"NOT_PASSWORD_PROTECTED\".\n"}},"description":"Password protected detection config for files that are password protected or not."},"V3DLPFileClassifierConfig":{"required":["applicableFileTypes","classifiers"],"type":"object","properties":{"classifiers":{"type":"object","additionalProperties":{"type":"string"},"description":"Classifier is defined as a Key and its Value: e.g.: \"classification\": \"Internal\".\nName and value can contain UTF-8 characters. Neither the name nor value cannot be left empty.\nMaximum 30 characters for the name and value, case insensitive.\nIf files contains k-v pairs in the classifers map, it means a match. Maximum 30 classifiers per policy.\n"},"applicableFileTypes":{"type":"array","description":"File types that can be applied. 
Can be [\"PDF\", \"WORD\", \"EXCEL\", \"POWERPOINT\", \"ZIP\", \"CSV\", \"TXT\"].","items":{"type":"string"}}}},"V3DLPPolicyResponse":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/V3DLPPolicy"}},"description":"Policy Response."},"V3DLPPolicy":{"type":"object","required":["appliesTo"],"properties":{"id":{"type":"string","description":"Unique identifier for policy."},"policyId":{"type":"string","description":"Policy Id."},"version":{"type":"string","description":"The version of the policy, in format \"major.minor\". Initial value will set by backend as \"3.0\" when created.\nWhenever the policy version needs to be changed, the minor version by 1 unless minor == 999,\nthen the major version is increased by 1 until it reaches 999.\n"},"name":{"type":"string","description":"Unique name of policy, max 30 characters. Cannot be empty. All the leading and trailing blank spaces are trimmed.\n"},"creatorId":{"type":"integer","description":"Numeric userId of the creator.","format":"int64"},"scopes":{"type":"array","description":"List of communication scopes. 
Possible values are \"Internal\" (for Internal conversations) or \"External\" (for External conversations).\nYou can apply both scopes if you set it to [\"Internal\", \"External\"].\n","items":{"type":"string"}},"appliesTo":{"type":"array","items":{"$ref":"#/components/schemas/V3DLPPolicyAppliesTo"}},"active":{"type":"boolean","description":"Indicate whether the policy is active or not."},"deleted":{"type":"boolean","description":"Indicate whether the policy is deleted or not."},"creationDate":{"type":"integer","description":"Creation time of the policy in milliseconds elapsed as of epoch time.","format":"int64"},"lastUpdatedDate":{"type":"integer","description":"Recent update time of the policy in milliseconds elapsed as of epoch time.","format":"int64"},"lastDisabledDate":{"type":"integer","description":"Recent disable time of the policy in milliseconds elapsed as of epoch time.","format":"int64"},"systemPolicy":{"type":"boolean"}},"description":"A policy is the main entity of V3 policy/rule system. It is responsible to define rules and add scope constraints to the engine.\n"},"Error":{"type":"object","properties":{"code":{"type":"integer","format":"int32"},"message":{"type":"string"}}}}}}
```

After you create a policy, call [Enable Policy](https://rest-api.symphony.com/main/dlp-dictionary-and-policy-management/v3-policy-management-endpoints/v3-enable-policy) to start enforcing the policy.
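
As an added example (not Symphony's code), the following Python pre-flight check validates a request body against the constraints in the schema above before it is posted to `/v3/dlp/policies`. `validate_policy`, the sample policy and the `<dictId>`-style placeholders are hypothetical, and reading "only one" configuration property as "exactly one" is an assumption.

```python
# Added example; validate_policy() and SAMPLE are hypothetical, not Symphony code.
DATA_TYPES = {"Messages", "RoomMeta", "SignalMeta", "FileContent", "FileMeta"}
ACTIONS = {"Block", "Warn", "LogOnly"}
SCOPES = {"Internal", "External"}
FILE_TYPES = {"PDF", "WORD", "EXCEL", "POWERPOINT", "ZIP", "CSV", "TXT"}
CONFIG_KEYS = ("textMatchConfig", "fileSizeConfig", "fileExtensionConfig",
               "filePasswordConfig", "fileClassifierConfig")

def validate_policy(req):
    """Return a list of problems; an empty list means the body fits the schema."""
    errs = []
    name = (req.get("name") or "").strip()  # leading/trailing blanks are trimmed
    if not 1 <= len(name) <= 30:
        errs.append("name: must be 1-30 characters after trimming")
    scopes = req.get("scopes") or []
    if not scopes or not set(scopes) <= SCOPES:
        errs.append("scopes: must be a non-empty subset of Internal/External")
    applies = req.get("appliesTo") or []
    if not applies:
        errs.append("appliesTo: required")
    for i, entry in enumerate(applies):
        where = f"appliesTo[{i}]"
        if entry.get("dataType") not in DATA_TYPES:
            errs.append(f"{where}.dataType: unknown value")
        if entry.get("action") not in ACTIONS:
            errs.append(f"{where}.action: must be Block, Warn or LogOnly")
        for j, rule in enumerate(entry.get("rules") or []):
            rw = f"{where}.rules[{j}]"
            if not rule.get("name") or not rule.get("type"):
                errs.append(f"{rw}: name and type are required")
            if sum(k in rule for k in CONFIG_KEYS) != 1:
                errs.append(f"{rw}: set exactly one *Config property")
            tm = rule.get("textMatchConfig")
            if tm is not None:
                types = tm.get("applicableFileTypes") or []
                if not tm.get("dictionaries"):
                    errs.append(f"{rw}: textMatchConfig needs a dictionary")
                if entry.get("dataType") != "FileContent" and types:
                    errs.append(f"{rw}: applicableFileTypes only for FileContent")
                if not set(types) <= FILE_TYPES:
                    errs.append(f"{rw}: unknown file type")
    return errs

# Constructed sample: a message rule referencing a placeholder dictionary.
SAMPLE = {"name": "Card numbers", "scopes": ["External"], "appliesTo": [{
    "dataType": "Messages", "action": "Block", "rules": [{
        "name": "pan", "type": "TEXT_MATCH", "textMatchConfig": {
            "dictionaries": [{"dictId": "<dictId>", "name": "<name>", "version": "<version>"}],
            "applicableFileTypes": []}}]}]}
```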

## AppliesTo

Configuration that applies to the policy

<table data-full-width="true"><thead><tr><th width="142">Field</th><th width="182">Type</th><th width="99.99999999999997">Required</th><th>Description</th></tr></thead><tbody><tr><td>dataType</td><td><strong>string</strong></td><td>Yes</td><td>The list of data types that policy should apply to. Can't be empty. Can be one of ["Messages", "RoomMeta", "SignalMeta", "FileContent", "FileMeta"].</td></tr><tr><td>action</td><td><strong>string</strong></td><td>Yes</td><td><p><strong>Action</strong> to be taken on violation detection.</p><p>Can be one of ["Block", "Warn", "LogOnly"]. The default is "LogOnly".</p></td></tr><tr><td>rules</td><td><p>rules</p><p><em>array_object</em></p><p>See Rules</p></td><td>Yes</td><td><p>A Rule defines the actual matching specification for policies. It holds a type and a configuration for the rule; these properties should be used to build the corresponding matching implementation.</p><p>Only one of the configuration properties should be set [textMatchConfig, fileSizeConfig, fileExtensionConfig, filePasswordConfig, fileClassifierConfig].</p></td></tr></tbody></table>

## Rules

Configuration for rules

<table data-full-width="true"><thead><tr><th width="142">Field</th><th width="131">Type</th><th width="202.99999999999997">Required</th><th>Description</th></tr></thead><tbody><tr><td>type</td><td><strong>string</strong></td><td>Yes</td><td>Type of a rule used by policy. Can be ["TEXT_MATCH", "FILE_EXTENSION", "FILE_SIZE", "FILE_PASSWORD", "FILE_CLASSIFIER"].</td></tr><tr><td>name</td><td><strong>string</strong></td><td>Yes</td><td>Name for rule.</td></tr><tr><td>textMatchConfig</td><td><strong>object</strong></td><td>Only one of the configuration properties should be set [textMatchConfig, fileClassifierConfig, filePasswordConfig].</td><td>Configuration that can be used by a rule. This is a configuration that can be used to match text or regex. This configuration also corresponds to V2 TextMatch/RegexMatch of dictionaries. See TextMatchConfig</td></tr><tr><td>filePasswordConfig</td><td><strong>object</strong></td><td>Only one of the configuration properties should be set [textMatchConfig, fileClassifierConfig, filePasswordConfig].</td><td>Password protected detection config for files that are password protected or not.</td></tr><tr><td>fileClassifierConfig</td><td><strong>object</strong></td><td>Only one of the configuration properties should be set [textMatchConfig, fileClassifierConfig, filePasswordConfig].</td><td>Extension detection config for allowed and blocked types of file extensions.</td></tr></tbody></table>

## TextMatchConfig

<table data-full-width="true"><thead><tr><th width="242">Field</th><th width="156">Type</th><th width="263">Required</th><th>Description</th></tr></thead><tbody><tr><td>dictionaries</td><td><p><strong>array_object</strong></p><p>see DictionaryMeta</p></td><td>Yes</td><td>List of dictionaries to apply in config. See DictionaryMeta</td></tr><tr><td>countUniqueOccurrences</td><td><strong>string</strong></td><td>Yes</td><td>Count of unique occurrences to be matched.</td></tr><tr><td>applicableFileTypes</td><td><strong>array_string</strong></td><td>File types must be applied only for rule type "FileContent", otherwise must be empty.</td><td>Can be ["PDF", "WORD", "EXCEL", "POWERPOINT", "ZIP", "CSV", "TXT"].</td></tr></tbody></table>


## DictionaryMeta

<table data-full-width="true"><thead><tr><th>Field</th><th>Type</th><th width="131.99999999999997">Required</th><th>Description</th></tr></thead><tbody><tr><td>dictId</td><td><strong>string</strong></td><td>Yes</td><td>Unique dictionary identifier.</td></tr><tr><td>name</td><td><strong>string</strong></td><td>Yes</td><td>Dictionary name.</td></tr><tr><td>version</td><td><strong>string</strong></td><td>Yes</td><td>Dictionary version.</td></tr></tbody></table>

## FileClassifierConfig

<table data-full-width="true"><thead><tr><th width="197.99999999999997">Field</th><th width="188">Type</th><th width="111">Required</th><th>Description</th></tr></thead><tbody><tr><td>classifiers</td><td>Map&lt;String, String&gt;</td><td>Yes</td><td><p>A classifier is defined as a key and its value, e.g. "classification": "Internal". Name and value can contain UTF-8 characters. Neither the name nor the value can be left empty.</p><p>Maximum 30 characters for the name and value, case insensitive.</p><p>If a file contains the k-v pairs in the classifiers map, it means a match. Maximum 30 classifiers per policy.</p></td></tr><tr><td>applicableFileTypes</td><td><strong>array_string</strong></td><td>Yes</td><td>File types that can be applied. Can be ["PDF", "WORD", "EXCEL", "POWERPOINT", "ZIP", "CSV", "TXT"].</td></tr></tbody></table>

## FilePasswordConfig

<table data-full-width="true"><thead><tr><th width="198.99999999999997">Field</th><th width="138">Type</th><th width="111">Required</th><th>Description</th></tr></thead><tbody><tr><td>applicableFileTypes</td><td><strong>array_string</strong></td><td>Yes</td><td>File types that can be applied. Can be ["PDF", "WORD", "EXCEL", "POWERPOINT", "ZIP", "CSV", "TXT"].</td></tr><tr><td>matchCriteria</td><td><strong>array_string</strong></td><td>Yes</td><td>Based on the criteria, whether a file is password protected or not means a match. Can be ["PASSWORD_PROTECTED", "NOT_PASSWORD_PROTECTED"]. The default is "NOT_PASSWORD_PROTECTED".</td></tr></tbody></table>

> #### 🚧 Required Permissions
>
> Calling this endpoint requires a Service User Account set with the Expression Filter Policy Management role. For more information about Service User accounts and their roles, see the [Symphony Administration Guide](https://symphony.direct/).
>
> See [Bot Permissions](https://docs.developers.symphony.com/building-bots-on-symphony/configuration/bot-permissions) for a list of roles and associated privileges.
