# Update Jobs Policy Type

<figure><img src="https://762006384-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MJXOXEifAmpyvNVL1to%2Fuploads%2FYmhVC3L4GcmGNartLxH6%2Fimage.png?alt=media&#x26;token=902b7737-a3cf-491b-9968-a5f7562031b5" alt=""><figcaption></figcaption></figure>

Use **Update Jobs** policies to deploy, modify, or remove **job definitions** on endpoints from a central place.

***

### How it works (high level)

Agents process policies with `PolicyType` **`"JobUpdate"`**. The policy’s `Extension` tells the agent which job file to add/update/delete under `Jobs/{JobId}.json`.

### Step-by-step: Create an Update Jobs policy (via Advanced JSON)

{% stepper %}
{% step %}
**Navigate to Endpoint Privilege Manager → Policies**

<figure><img src="https://762006384-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MJXOXEifAmpyvNVL1to%2Fuploads%2FDpC6Mb2vfj3VtCWWH2jy%2Fimage.png?alt=media&#x26;token=16ce893e-da7c-4deb-b2bd-9c96b5dbb5b1" alt=""><figcaption></figcaption></figure>
{% endstep %}

{% step %}
**Click Create Policy Button**

This will spawn the Create Policy modal form.

<figure><img src="https://762006384-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MJXOXEifAmpyvNVL1to%2Fuploads%2Fjt36zB0v6IGHdOFM60o1%2Fimage.png?alt=media&#x26;token=61a352bb-a843-4479-a170-95f0fb1e077b" alt="" width="375"><figcaption></figcaption></figure>
{% endstep %}

{% step %}
**Define Policy Attributes**

Choose a aptly discriptive name for your new policy.

Choose **any existing policy type available in the UI** for your new policy(this is just a starting template since Update Settings is set in JSON).

Choose a status for your new policy. We recommend monitor mode when initially setting up a policy.

Add one or more Controls by clicking on the "Add Control" button and then selecting the controls that you would like to see applied to your new policy.

Choose a User Group, a Machine Collection, and an Application Collection.
{% endstep %}

{% step %}
**Configure Policy Targeting**

Configure any **targeting** you want in the UI (collections/users/machines/apps/platforms). Who or What does your policy apply to?
{% endstep %}

{% step %}
**Open the Policy’s Advanced Mode (JSON view)**

To open the Policy's Advanced Mode, click on the "Advanced Mode" link in the bottom left corner of the Policy Form.

<figure><img src="https://762006384-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MJXOXEifAmpyvNVL1to%2Fuploads%2FxPlV7kSWUl1ZxhEih8st%2Fimage.png?alt=media&#x26;token=6eca2fa9-4a41-465a-b461-5487d919b2a2" alt=""><figcaption></figcaption></figure>
{% endstep %}

{% step %}
**Redefine Policy Type in JSON**
{% endstep %}

{% step %}
**Define Extension Fields**

Set: `Extension` fields as described in the [Required Etension Fields](#required-extension-fields) section of this document
{% endstep %}

{% step %}
**Save the Policy**
{% endstep %}
{% endstepper %}

### Required Extension Fields

* `Extension.JobId` — job identifier; agent writes/deletes `Jobs/{JobId}.json`
* `Extension.Action` — `"Add"`, `"Update"`, or `"Delete"`
* `Extension.JobJson` — required for Add/Update; omit for Delete

**ID requirement:** `JobJson` must include an internal `id` matching `JobId`.

***

## Example JSON Snippets

#### Example 1: Add a Job (JobUpdate / Action=Add)

```
{
  "PolicyName": "Update Jobs - Add Maintenance Job",
  "PolicyType": "JobUpdate",
  "PolicyId": "REPLACE_WITH_ID",
  "Status": "on",
  "Actions": {
    "OnSuccess": {
      "Controls": [
        "NOTIFY"
      ]
    },
    "OnFailure": {
      "Command": ""
    }
  },
  "NotificationMessage": "A job was added to this endpoint via policy.",
  "NotificationRequiresAcknowledge": false,
  "RiskLevel": 20,
  "Operator": "And",
  "Rules": [
    {
      "RuleName": "UserCheck",
      "ErrorMessage": "This user is not included in this policy",
      "RuleExpressionType": "BuiltInAction",
      "Expression": "CheckUser()"
    },
    {
      "RuleName": "MachineCheck",
      "ErrorMessage": "This Machine is not included in this policy",
      "RuleExpressionType": "BuiltInAction",
      "Expression": "CheckMachine()"
    }
  ],
  "UserCheck": [],
  "MachineCheck": [],
  "ApplicationCheck": [],
  "DayCheck": [],
  "DateCheck": [],
  "TimeCheck": [],
  "CertificationCheck": [],
  "Extension": {
    "JobId": "my-maintenance-job",
    "Action": "Add",
    "JobJson": "{\n  \"id\": \"my-maintenance-job\",\n  \"name\": \"My Maintenance Job\",\n  \"description\": \"Runs periodic maintenance actions.\",\n  \"enabled\": true,\n  \"schedule\": {\n    \"type\": \"interval\",\n    \"minutes\": 60\n  },\n  \"tasks\": [\n    {\n      \"type\": \"command\",\n      \"name\": \"Example Task\",\n      \"command\": \"echo Maintenance job ran\"\n    }\n  ]\n}"
  }
}
```

**Notes**

* `Extension.JobJson` is a **string** containing the **full job JSON**.
* Make sure the inner job JSON includes `"id": "my-maintenance-job"` matching `JobId`.

***

#### Example 2: Update an Existing Job (JobUpdate / Action=Update)

```
{
  "PolicyName": "Update Jobs - Update Maintenance Job",
  "PolicyType": "JobUpdate",
  "PolicyId": "REPLACE_WITH_ID",
  "Status": "on",
  "Actions": {
    "OnSuccess": {
      "Controls": [
        "NOTIFY"
      ]
    },
    "OnFailure": {
      "Command": ""
    }
  },
  "NotificationMessage": "A job was updated on this endpoint via policy.",
  "NotificationRequiresAcknowledge": false,
  "RiskLevel": 20,
  "Operator": "And",
  "Rules": [
    {
      "RuleName": "UserCheck",
      "ErrorMessage": "This user is not included in this policy",
      "RuleExpressionType": "BuiltInAction",
      "Expression": "CheckUser()"
    },
    {
      "RuleName": "MachineCheck",
      "ErrorMessage": "This Machine is not included in this policy",
      "RuleExpressionType": "BuiltInAction",
      "Expression": "CheckMachine()"
    }
  ],
  "UserCheck": [],
  "MachineCheck": [],
  "ApplicationCheck": [],
  "DayCheck": [],
  "DateCheck": [],
  "TimeCheck": [],
  "CertificationCheck": [],
  "Extension": {
    "JobId": "my-maintenance-job",
    "Action": "Update",
    "JobJson": "{\n  \"id\": \"my-maintenance-job\",\n  \"name\": \"My Maintenance Job\",\n  \"description\": \"Runs periodic maintenance actions (updated schedule).\",\n  \"enabled\": true,\n  \"schedule\": {\n    \"type\": \"interval\",\n    \"minutes\": 30\n  },\n  \"tasks\": [\n    {\n      \"type\": \"command\",\n      \"name\": \"Example Task\",\n      \"command\": \"echo Maintenance job ran (updated)\"\n    }\n  ]\n}"
  }
}
```

**Notes**

* Updates typically **replace** the job file contents with whatever you provide in `JobJson`, so include all required fields for your job schema.

***

#### Example 3: Delete a Job (JobUpdate / Action=Delete)

```
{
  "PolicyName": "Update Jobs - Delete Maintenance Job",
  "PolicyType": "JobUpdate",
  "PolicyId": "REPLACE_WITH_ID",
  "Status": "on",
  "Actions": {
    "OnSuccess": {
      "Controls": [
        "NOTIFY"
      ]
    },
    "OnFailure": {
      "Command": ""
    }
  },
  "NotificationMessage": "A job was deleted from this endpoint via policy.",
  "NotificationRequiresAcknowledge": false,
  "RiskLevel": 20,
  "Operator": "And",
  "Rules": [
    {
      "RuleName": "UserCheck",
      "ErrorMessage": "This user is not included in this policy",
      "RuleExpressionType": "BuiltInAction",
      "Expression": "CheckUser()"
    },
    {
      "RuleName": "MachineCheck",
      "ErrorMessage": "This Machine is not included in this policy",
      "RuleExpressionType": "BuiltInAction",
      "Expression": "CheckMachine()"
    }
  ],
  "UserCheck": [],
  "MachineCheck": [],
  "ApplicationCheck": [],
  "DayCheck": [],
  "DateCheck": [],
  "TimeCheck": [],
  "CertificationCheck": [],
  "Extension": {
    "JobId": "my-maintenance-job",
    "Action": "Delete"
  }
}
```

**Notes**

* For `Delete`, omit `JobJson`.

### What you’ll typically edit in real use

* `PolicyId`: keep the one generated by the UI.
* `Status`: `"on"`/`"off"` depending on rollout.
* `UserCheck` / `MachineCheck`: populate the arrays using your console’s normal targeting entries.
* `Extension.JobId`: the filename key (ends up as `Jobs/{JobId}.json` on endpoints).
* `Extension.JobJson`: stringified full job definition for Add/Update.

### Validate on an endpoint

* **Add/Update:** confirm `Jobs/{JobId}.json` exists and matches your provided job JSON.
* **Delete:** confirm `Jobs/{JobId}.json` is removed.