PgBeam Docs
policies

policies update

Update a policy profile

Update a policy profile. Changes hot-reload to active agent sessions. Pass individual flags to change specific fields, or --file to supply the full profile body as JSON. Because the API replaces the whole profile, unspecified fields are read from the current profile first so single-flag edits are non-destructive. Fields set via --file are overlaid by any individual flags.

Usage

pgbeam policies update <id> [flags]

Options

OptionDescriptionRequiredDefault
<id>Policy profile IDYes-
--name <value>New policy profile nameNo-
--mode <value>Access mode: read_only or read_writeNo-
--write-mode <value>How writes are handled: normal, rollback, or sandboxNo-
--approval-mode <value>Which statements need approval: off, writes, ddl, or allNo-
--approval-timeout-seconds <value>How long a held statement waits for a decision before expiringNo-
--approval-auto-max-rows <value>Statements touching at most this many rows are auto-approved (0 disables)No-
--migration-safety <value>Migration safety mode: off, warn, or blockNo-
--table-allowlist <value>Comma-separated relations to allow (replaces the current list)No-
--table-denylist <value>Comma-separated relations to deny (replaces the current list)No-
--max-rows <value>Max rows returned per query (0 means unlimited)No-
--budget-queries-per-hour <value>Max queries per rolling hour (0 means unlimited)No-
--budget-queries-per-day <value>Max queries per day (0 means unlimited)No-
--egress-bytes-per-day <value>Per-day egress budget in bytes (0 means unlimited)No-
--statement-timeout-ms <value>Upstream statement timeout for agent sessions (0 uses the project default)No-
--file <value>Path to a JSON file with the full profile bodyNo-

Global options

All global options (--token, --profile, --project, --org, --json, --no-color, --debug) are also available on this command.

Examples

# Switch a profile to read-write
pgbeam policies update pol_xxx --mode read_write

# Restrict a profile to two tables
pgbeam policies update pol_xxx --table-allowlist public.users,public.orders

# Cap daily budget and rows per query
pgbeam policies update pol_xxx --budget-queries-per-day 5000 --max-rows 1000

# Replace the full profile from a JSON file
pgbeam policies update pol_xxx --file ./policy.json

Output

Prints a success message. With --json, returns the updated policy profile.

On this page