# Policies

## CreateProjectPolicy

**post** `/gitpod.v1.ProjectService/CreateProjectPolicy`

Creates a new policy for a project.

Use this method to:

- Set up access controls
- Define group permissions
- Configure role-based access

### Examples

- Create admin policy:

  Grants admin access to a group.

  ```yaml
  projectId: "b0e12f6c-4c67-429d-a4a6-d9838b5da047"
  groupId: "f53d2330-3795-4c5d-a1f3-453121af9c60"
  role: PROJECT_ROLE_ADMIN
  ```

### Body Parameters

- `groupId: optional string`

  group_id specifies the group_id identifier

- `projectId: optional string`

  project_id specifies the project identifier

- `role: optional ProjectRole`

  - `"PROJECT_ROLE_UNSPECIFIED"`

  - `"PROJECT_ROLE_ADMIN"`

  - `"PROJECT_ROLE_USER"`

  - `"PROJECT_ROLE_EDITOR"`

### Returns

- `policy: optional ProjectPolicy`

  - `groupId: optional string`

  - `role: optional ProjectRole`

    role is the role assigned to the group

    - `"PROJECT_ROLE_UNSPECIFIED"`

    - `"PROJECT_ROLE_ADMIN"`

    - `"PROJECT_ROLE_USER"`

    - `"PROJECT_ROLE_EDITOR"`

### Example

```http
curl https://app.gitpod.io/api/gitpod.v1.ProjectService/CreateProjectPolicy \
    -H 'Content-Type: application/json' \
    -H "Authorization: Bearer $GITPOD_API_KEY" \
    -d '{}'
```

#### Response

```json
{
  "policy": {
    "groupId": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e",
    "role": "PROJECT_ROLE_UNSPECIFIED"
  }
}
```

## DeleteProjectPolicy

**post** `/gitpod.v1.ProjectService/DeleteProjectPolicy`

Deletes a project policy.

Use this method to:

- Remove access controls
- Revoke permissions
- Clean up policies

### Examples

- Delete policy:

  Removes a group's access policy.

  ```yaml
  projectId: "b0e12f6c-4c67-429d-a4a6-d9838b5da047"
  groupId: "f53d2330-3795-4c5d-a1f3-453121af9c60"
  ```

### Body Parameters

- `groupId: optional string`

  group_id specifies the group_id identifier

- `projectId: optional string`

  project_id specifies the project identifier

### Example

```http
curl https://app.gitpod.io/api/gitpod.v1.ProjectService/DeleteProjectPolicy \
    -H 'Content-Type: application/json' \
    -H "Authorization: Bearer $GITPOD_API_KEY" \
    -d '{}'
```

#### Response

```json
{}
```

## ListProjectPolicies

**post** `/gitpod.v1.ProjectService/ListProjectPolicies`

Lists policies for a project.

Use this method to:

- View access controls
- Check policy configurations
- Audit permissions

### Examples

- List policies:

  Shows all policies for a project.

  ```yaml
  projectId: "b0e12f6c-4c67-429d-a4a6-d9838b5da047"
  pagination:
    pageSize: 20
  ```

### Query Parameters

- `token: optional string`

- `pageSize: optional number`

### Body Parameters

- `pagination: optional object { token, pageSize }`

  pagination contains the pagination options for listing project policies

  - `token: optional string`

    Token for the next set of results that was returned as next_token of a
    PaginationResponse

  - `pageSize: optional number`

    Page size is the maximum number of results to retrieve per page.
    Defaults to 25. Maximum 100.

- `projectId: optional string`

  project_id specifies the project identifier

### Returns

- `pagination: optional object { nextToken }`

  - `nextToken: optional string`

    Token passed for retrieving the next set of results. Empty if there are no
    more results

- `policies: optional array of ProjectPolicy`

  - `groupId: optional string`

  - `role: optional ProjectRole`

    role is the role assigned to the group

    - `"PROJECT_ROLE_UNSPECIFIED"`

    - `"PROJECT_ROLE_ADMIN"`

    - `"PROJECT_ROLE_USER"`

    - `"PROJECT_ROLE_EDITOR"`

### Example

```http
curl https://app.gitpod.io/api/gitpod.v1.ProjectService/ListProjectPolicies \
    -H 'Content-Type: application/json' \
    -H "Authorization: Bearer $GITPOD_API_KEY" \
    -d '{}'
```

#### Response

```json
{
  "pagination": {
    "nextToken": "nextToken"
  },
  "policies": [
    {
      "groupId": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e",
      "role": "PROJECT_ROLE_UNSPECIFIED"
    }
  ]
}
```

## UpdateProjectPolicy

**post** `/gitpod.v1.ProjectService/UpdateProjectPolicy`

Updates an existing project policy.

Use this method to:

- Modify access levels
- Change group roles
- Update permissions

### Examples

- Update policy role:

  Changes a group's access level.

  ```yaml
  projectId: "b0e12f6c-4c67-429d-a4a6-d9838b5da047"
  groupId: "f53d2330-3795-4c5d-a1f3-453121af9c60"
  role: PROJECT_ROLE_EDITOR
  ```

### Body Parameters

- `groupId: optional string`

  group_id specifies the group_id identifier

- `projectId: optional string`

  project_id specifies the project identifier

- `role: optional ProjectRole`

  - `"PROJECT_ROLE_UNSPECIFIED"`

  - `"PROJECT_ROLE_ADMIN"`

  - `"PROJECT_ROLE_USER"`

  - `"PROJECT_ROLE_EDITOR"`

### Returns

- `policy: optional ProjectPolicy`

  - `groupId: optional string`

  - `role: optional ProjectRole`

    role is the role assigned to the group

    - `"PROJECT_ROLE_UNSPECIFIED"`

    - `"PROJECT_ROLE_ADMIN"`

    - `"PROJECT_ROLE_USER"`

    - `"PROJECT_ROLE_EDITOR"`

### Example

```http
curl https://app.gitpod.io/api/gitpod.v1.ProjectService/UpdateProjectPolicy \
    -H 'Content-Type: application/json' \
    -H "Authorization: Bearer $GITPOD_API_KEY" \
    -d '{}'
```

#### Response

```json
{
  "policy": {
    "groupId": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e",
    "role": "PROJECT_ROLE_UNSPECIFIED"
  }
}
```

## Domain Types

### Project Policy

- `ProjectPolicy object { groupId, role }`

  - `groupId: optional string`

  - `role: optional ProjectRole`

    role is the role assigned to the group

    - `"PROJECT_ROLE_UNSPECIFIED"`

    - `"PROJECT_ROLE_ADMIN"`

    - `"PROJECT_ROLE_USER"`

    - `"PROJECT_ROLE_EDITOR"`

### Project Role

- `ProjectRole = "PROJECT_ROLE_UNSPECIFIED" or "PROJECT_ROLE_ADMIN" or "PROJECT_ROLE_USER" or "PROJECT_ROLE_EDITOR"`

  - `"PROJECT_ROLE_UNSPECIFIED"`

  - `"PROJECT_ROLE_ADMIN"`

  - `"PROJECT_ROLE_USER"`

  - `"PROJECT_ROLE_EDITOR"`

### Policy Create Response

- `PolicyCreateResponse object { policy }`

  - `policy: optional ProjectPolicy`

    - `groupId: optional string`

    - `role: optional ProjectRole`

      role is the role assigned to the group

      - `"PROJECT_ROLE_UNSPECIFIED"`

      - `"PROJECT_ROLE_ADMIN"`

      - `"PROJECT_ROLE_USER"`

      - `"PROJECT_ROLE_EDITOR"`

### Policy Delete Response

- `PolicyDeleteResponse = unknown`

### Policy Update Response

- `PolicyUpdateResponse object { policy }`

  - `policy: optional ProjectPolicy`

    - `groupId: optional string`

    - `role: optional ProjectRole`

      role is the role assigned to the group

      - `"PROJECT_ROLE_UNSPECIFIED"`

      - `"PROJECT_ROLE_ADMIN"`

      - `"PROJECT_ROLE_USER"`

      - `"PROJECT_ROLE_EDITOR"`