
/AWS1/IF_BDO=>UPDATEPOLICY()

About UpdatePolicy

Updates an existing policy within the AgentCore Policy system. This operation allows modification of the policy description and definition while maintaining the policy's identity. The updated policy is validated against the Cedar schema before being applied. This is an asynchronous operation. Use the GetPolicy operation to poll the status field to track completion.

Method Signature

METHODS /AWS1/IF_BDO~UPDATEPOLICY
  IMPORTING
    !IV_POLICYENGINEID TYPE /AWS1/BDORESOURCEID OPTIONAL
    !IV_POLICYID TYPE /AWS1/BDORESOURCEID OPTIONAL
    !IV_DESCRIPTION TYPE /AWS1/BDODESCRIPTION OPTIONAL
    !IO_DEFINITION TYPE REF TO /AWS1/CL_BDOPOLICYDEFINITION OPTIONAL
    !IV_VALIDATIONMODE TYPE /AWS1/BDOPOLICYVALIDATIONMODE OPTIONAL
  RETURNING
    VALUE(OO_OUTPUT) TYPE REF TO /aws1/cl_bdoupdatepolicyrsp
  RAISING
    /AWS1/CX_BDOACCESSDENIEDEX
    /AWS1/CX_BDOCONFLICTEXCEPTION
    /AWS1/CX_BDOINTERNALSERVEREX
    /AWS1/CX_BDORESOURCENOTFOUNDEX
    /AWS1/CX_BDOTHROTTLINGEX
    /AWS1/CX_BDOVALIDATIONEX
    /AWS1/CX_BDOCLIENTEXC
    /AWS1/CX_BDOSERVEREXC
    /AWS1/CX_RT_TECHNICAL_GENERIC
    /AWS1/CX_RT_SERVICE_GENERIC.

IMPORTING

Required arguments:

iv_policyengineid TYPE /AWS1/BDORESOURCEID

The identifier of the policy engine that manages the policy to be updated. This ensures the policy is updated within the correct policy engine context.

iv_policyid TYPE /AWS1/BDORESOURCEID

The unique identifier of the policy to be updated. This must be a valid policy ID that exists within the specified policy engine.

io_definition TYPE REF TO /AWS1/CL_BDOPOLICYDEFINITION

The new Cedar policy statement that defines the access control rules. This replaces the existing policy definition with new logic while maintaining the policy's identity.

Optional arguments:

iv_description TYPE /AWS1/BDODESCRIPTION

The new human-readable description for the policy. This optional field allows updating the policy's documentation while keeping the same policy logic.

iv_validationmode TYPE /AWS1/BDOPOLICYVALIDATIONMODE

The validation mode for the policy update. Determines how Cedar analyzer validation results are handled during policy updates. FAIL_ON_ANY_FINDINGS runs the Cedar analyzer and fails the update if validation issues are detected, ensuring the policy conforms to the Cedar schema and tool context. IGNORE_ALL_FINDINGS runs the Cedar analyzer but allows updates despite validation warnings. Use FAIL_ON_ANY_FINDINGS to ensure policy correctness during updates, especially when modifying policy logic or conditions.

RETURNING

oo_output TYPE REF TO /AWS1/CL_BDOUPDATEPOLICYRSP


Examples

Syntax Example

This is an example of the syntax for calling the method. It includes every possible argument and initializes every possible value. The data provided is not necessarily semantically accurate (for example the value "string" may be provided for something that is intended to be an instance ID, or in some cases two arguments may be mutually exclusive). The syntax shows the ABAP syntax for creating the various data structures.

DATA(lo_result) = lo_client->updatepolicy(
  io_definition = NEW /aws1/cl_bdopolicydefinition( NEW /aws1/cl_bdocedarpolicy( |string| ) )
  iv_description = |string|
  iv_policyengineid = |string|
  iv_policyid = |string|
  iv_validationmode = |string|
).

This is an example of reading all possible response values.

IF lo_result IS NOT INITIAL.
  lv_resourceid = lo_result->get_policyid( ).
  lv_policyname = lo_result->get_name( ).
  lv_resourceid = lo_result->get_policyengineid( ).
  lo_policydefinition = lo_result->get_definition( ).
  IF lo_policydefinition IS NOT INITIAL.
    lo_cedarpolicy = lo_policydefinition->get_cedar( ).
    IF lo_cedarpolicy IS NOT INITIAL.
      lv_statement = lo_cedarpolicy->get_statement( ).
    ENDIF.
  ENDIF.
  lv_description = lo_result->get_description( ).
  lv_datetimestamp = lo_result->get_createdat( ).
  lv_datetimestamp = lo_result->get_updatedat( ).
  lv_policyarn = lo_result->get_policyarn( ).
  lv_policystatus = lo_result->get_status( ).
  LOOP AT lo_result->get_statusreasons( ) INTO lo_row.
    lo_row_1 = lo_row.
    IF lo_row_1 IS NOT INITIAL.
      lv_string = lo_row_1->get_value( ).
    ENDIF.
  ENDLOOP.
ENDIF.
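
The following is an added example, not part of the SDK reference: it submits an update with FAIL_ON_ANY_FINDINGS and then polls GetPolicy, as described under About UpdatePolicy, so the new rule is only treated as in force once the status says so. The profile name, the placeholder IDs, the Cedar statement, the getpolicy( ) parameter names and response getters, and the 'UPDATING' status literal are assumptions.

```abap
" Added example, not from the SDK reference. Assumed names: profile 'DEMO',
" the placeholder IDs, the Cedar statement, getpolicy( ) parameter names,
" get_statusreasons( ) on its response, and the 'UPDATING' status literal.
CONSTANTS: lc_profile   TYPE /aws1/rt_profile_id VALUE 'DEMO',
           lc_max_polls TYPE i VALUE 20.
DATA(lv_engine_id) = `EXAMPLE-POLICY-ENGINE-ID`.  " placeholder
DATA(lv_policy_id) = `EXAMPLE-POLICY-ID`.         " placeholder
" Constructed Cedar statement: a blanket forbid used only as sample input.
DATA(lv_cedar) = `forbid (principal, action, resource);`.

TRY.
    DATA(lo_session) = /aws1/cl_rt_session_aws=>create( lc_profile ).
    DATA(lo_client)  = /aws1/cl_bdo_factory=>create( lo_session ).

    " Reject the update if the Cedar analyzer reports any finding.
    lo_client->updatepolicy(
      iv_policyengineid = lv_engine_id
      iv_policyid       = lv_policy_id
      io_definition     = NEW /aws1/cl_bdopolicydefinition(
                            NEW /aws1/cl_bdocedarpolicy( lv_cedar ) )
      iv_validationmode = `FAIL_ON_ANY_FINDINGS` ).

    " The call returns before the update completes: poll GetPolicy.
    DO lc_max_polls TIMES.
      DATA(lo_policy) = lo_client->getpolicy(
        iv_policyengineid = lv_engine_id
        iv_policyid       = lv_policy_id ).
      IF lo_policy->get_status( ) <> `UPDATING`.  " assumed in-progress value
        EXIT.
      ENDIF.
      WAIT UP TO 3 SECONDS.
    ENDDO.

    " Do not rely on the new rule until the status confirms it was applied.
    WRITE: / |Final status: { lo_policy->get_status( ) }|.
    LOOP AT lo_policy->get_statusreasons( ) INTO DATA(lo_reason).
      IF lo_reason IS NOT INITIAL.
        WRITE: / lo_reason->get_value( ).
      ENDIF.
    ENDLOOP.

  CATCH /aws1/cx_bdovalidationex /aws1/cx_bdoconflictexception
        /aws1/cx_bdoresourcenotfoundex INTO DATA(lo_rejected).
    WRITE: / |Update rejected: { lo_rejected->get_text( ) }|.
  CATCH /aws1/cx_rt_generic INTO DATA(lo_error).
    WRITE: / |Call failed: { lo_error->get_text( ) }|.
ENDTRY.
```

If the loop ends while the status is still the in-progress value, the update has not been confirmed; treat the previous definition as the one still being enforced.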