Policies
CreatePolicyProfile
Create a policy profile
Creates a policy profile that can be attached to agent credentials.
Usage
result, err := client.Policies.CreatePolicyProfile(ctx, "prj_xxx", pgbeam.PolicyProfileInput{
Name: "...",
})Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| ctx | context.Context | Yes | Request context |
| projectID | string | Yes | Unique project identifier (prefixed, e.g. prj_xxx). |
| req | pgbeam.PolicyProfileInput | Yes | Request body |
| req.Name | string | Yes | Human-readable name for the policy profile. |
| req.AccessMode | *string | No | read_only blocks all data and schema mutations. |
| req.StatementRules | *pgbeam.StatementRules | No | |
| req.TableAllowlist | *[]string | No | If non-empty, only these relations are reachable. |
| req.TableDenylist | *[]string | No | Relations explicitly blocked. |
| req.MaskingRules | *[]pgbeam.MaskingRule | No | Column masking rules applied to query results. |
| req.BudgetQueriesPerHour | *int | No | Max queries per rolling hour window. 0 means unlimited. |
| req.BudgetQueriesPerDay | *int | No | Max queries per day window. 0 means unlimited. |
| req.MaxRows | *int | No | Max rows returned per query. 0 means unlimited. |
| req.StatementTimeoutMs | *int | No | Upstream statement timeout for agent sessions. 0 uses the project default. |
| req.RowFilters | *[]pgbeam.RowFilter | No | Per-relation row filters ANDed into agent reads. |
| req.WriteMode | *string | No | How writes are handled. normal commits, rollback auto-rolls back, sandbox routes to an ephemeral branch. |
| req.ApprovalMode | *string | No | Which statement classes require human approval before execution. |
| req.ApprovalAutoMaxRows | *int | No | Statements touching at most this many rows are auto-approved. 0 means none. |
| req.ApprovalTimeoutSeconds | *int | No | How long a held statement waits for a decision before expiring. |
| req.MigrationSafety | *string | No | Migration safety mode. warn surfaces findings, block refuses unsafe DDL. |
| req.EgressBytesPerDay | *int | No | Per-day egress budget in bytes. 0 means unlimited. |
Response
(*pgbeam.PolicyProfile, error) — policy profile created.
Example
import pgbeam "go.pgbeam.com/sdk"
client := pgbeam.NewClient(&pgbeam.ClientOptions{
APIKey: "pgb_your_api_key",
})
result, err := client.Policies.CreatePolicyProfile(ctx, "prj_xxx", pgbeam.PolicyProfileInput{
Name: "...",
AccessMode: "read_only",
StatementRules: pgbeam.StatementRules{ /* ... */ },
TableAllowlist: nil,
TableDenylist: nil,
MaskingRules: nil,
})
if err != nil {
log.Fatal(err)
}
fmt.Println(result)Errors
| Status | Description |
|---|---|
| 400 | Invalid request parameters. |
| 401 | Missing or invalid authentication. |
| 403 | Operation not allowed by current plan limits. |
| 404 | Resource not found. |
| 409 | Resource already exists or conflicts with current state. |
| 429 | Rate limited. Try again later. |