# Update Jobs
Use **Update Jobs** policies to deploy, modify, or remove **job definitions** on endpoints from a central place.
## How it Works
Agents process policies with `PolicyType` **`"JobUpdate"`**. The policy’s `Extension` tells the agent which job file to add/update/delete under `Jobs/{JobId}.json`.
### Step-by-step: Create an Update Jobs policy (via Advanced JSON)
{% stepper %}
{% step %}
**Navigate to Endpoint Privilege Manager → Policies**
{% endstep %}
{% step %}
**Click Create Policy Button**
This will spawn the Create Policy modal form.
{% endstep %}
{% step %}
**Define Policy Attributes**
Choose a aptly discriptive name for your new policy.
Choose **any existing policy type available in the UI** for your new policy(this is just a starting template since Update Settings is set in JSON).
Choose a status for your new policy. We recommend monitor mode when initially setting up a policy.
Add one or more Controls by clicking on the "Add Control" button and then selecting the controls that you would like to see applied to your new policy.
Choose a User Group, a Machine Collection, and an Application Collection.
{% endstep %}
{% step %}
**Configure Policy Targeting**
Configure any **targeting** you want in the UI (collections/users/machines/apps/platforms). Who or What does your policy apply to?
{% endstep %}
{% step %}
**Open the Policy’s Advanced Mode (JSON view)**
To open the Policy's Advanced Mode, click on the "Advanced Mode" link in the bottom left corner of the Policy Form.
{% endstep %}
{% step %}
**Redefine Policy Type in JSON**
{% endstep %}
{% step %}
**Define Extension Fields**
Set: `Extension` fields as described in the [Required Etension Fields](#required-extension-fields) section of this document
{% endstep %}
{% step %}
**Save the Policy**
{% endstep %}
{% endstepper %}
### Required Extension Fields
* `Extension.JobId` — job identifier; agent writes/deletes `Jobs/{JobId}.json`
* `Extension.Action` — `"Add"`, `"Update"`, or `"Delete"`
* `Extension.JobJson` — required for Add/Update; omit for Delete
**ID requirement:** `JobJson` must include an internal `id` matching `JobId`.
## Example JSON Snippets
### Example 1: Add a Job (JobUpdate / Action=Add)
```
{
"PolicyName": "Update Jobs - Add Maintenance Job",
"PolicyType": "JobUpdate",
"PolicyId": "REPLACE_WITH_ID",
"Status": "on",
"Actions": {
"OnSuccess": {
"Controls": [
"NOTIFY"
]
},
"OnFailure": {
"Command": ""
}
},
"NotificationMessage": "A job was added to this endpoint via policy.",
"NotificationRequiresAcknowledge": false,
"RiskLevel": 20,
"Operator": "And",
"Rules": [
{
"RuleName": "UserCheck",
"ErrorMessage": "This user is not included in this policy",
"RuleExpressionType": "BuiltInAction",
"Expression": "CheckUser()"
},
{
"RuleName": "MachineCheck",
"ErrorMessage": "This Machine is not included in this policy",
"RuleExpressionType": "BuiltInAction",
"Expression": "CheckMachine()"
}
],
"UserCheck": [],
"MachineCheck": [],
"ApplicationCheck": [],
"DayCheck": [],
"DateCheck": [],
"TimeCheck": [],
"CertificationCheck": [],
"Extension": {
"JobId": "my-maintenance-job",
"Action": "Add",
"JobJson": "{\n \"id\": \"my-maintenance-job\",\n \"name\": \"My Maintenance Job\",\n \"description\": \"Runs periodic maintenance actions.\",\n \"enabled\": true,\n \"schedule\": {\n \"type\": \"interval\",\n \"minutes\": 60\n },\n \"tasks\": [\n {\n \"type\": \"command\",\n \"name\": \"Example Task\",\n \"command\": \"echo Maintenance job ran\"\n }\n ]\n}"
}
}
```
**Notes**
* `Extension.JobJson` is a **string** containing the **full job JSON**.
* Make sure the inner job JSON includes `"id": "my-maintenance-job"` matching `JobId`.
### Example 2: Update an Existing Job (JobUpdate / Action=Update)
```
{
"PolicyName": "Update Jobs - Update Maintenance Job",
"PolicyType": "JobUpdate",
"PolicyId": "REPLACE_WITH_ID",
"Status": "on",
"Actions": {
"OnSuccess": {
"Controls": [
"NOTIFY"
]
},
"OnFailure": {
"Command": ""
}
},
"NotificationMessage": "A job was updated on this endpoint via policy.",
"NotificationRequiresAcknowledge": false,
"RiskLevel": 20,
"Operator": "And",
"Rules": [
{
"RuleName": "UserCheck",
"ErrorMessage": "This user is not included in this policy",
"RuleExpressionType": "BuiltInAction",
"Expression": "CheckUser()"
},
{
"RuleName": "MachineCheck",
"ErrorMessage": "This Machine is not included in this policy",
"RuleExpressionType": "BuiltInAction",
"Expression": "CheckMachine()"
}
],
"UserCheck": [],
"MachineCheck": [],
"ApplicationCheck": [],
"DayCheck": [],
"DateCheck": [],
"TimeCheck": [],
"CertificationCheck": [],
"Extension": {
"JobId": "my-maintenance-job",
"Action": "Update",
"JobJson": "{\n \"id\": \"my-maintenance-job\",\n \"name\": \"My Maintenance Job\",\n \"description\": \"Runs periodic maintenance actions (updated schedule).\",\n \"enabled\": true,\n \"schedule\": {\n \"type\": \"interval\",\n \"minutes\": 30\n },\n \"tasks\": [\n {\n \"type\": \"command\",\n \"name\": \"Example Task\",\n \"command\": \"echo Maintenance job ran (updated)\"\n }\n ]\n}"
}
}
```
**Notes**
* Updates typically **replace** the job file contents with whatever you provide in `JobJson`, so include all required fields for your job schema.
### Example 3: Delete a Job (JobUpdate / Action=Delete)
```
{
"PolicyName": "Update Jobs - Delete Maintenance Job",
"PolicyType": "JobUpdate",
"PolicyId": "REPLACE_WITH_ID",
"Status": "on",
"Actions": {
"OnSuccess": {
"Controls": [
"NOTIFY"
]
},
"OnFailure": {
"Command": ""
}
},
"NotificationMessage": "A job was deleted from this endpoint via policy.",
"NotificationRequiresAcknowledge": false,
"RiskLevel": 20,
"Operator": "And",
"Rules": [
{
"RuleName": "UserCheck",
"ErrorMessage": "This user is not included in this policy",
"RuleExpressionType": "BuiltInAction",
"Expression": "CheckUser()"
},
{
"RuleName": "MachineCheck",
"ErrorMessage": "This Machine is not included in this policy",
"RuleExpressionType": "BuiltInAction",
"Expression": "CheckMachine()"
}
],
"UserCheck": [],
"MachineCheck": [],
"ApplicationCheck": [],
"DayCheck": [],
"DateCheck": [],
"TimeCheck": [],
"CertificationCheck": [],
"Extension": {
"JobId": "my-maintenance-job",
"Action": "Delete"
}
}
```
**Notes**
* For `Delete`, omit `JobJson`.
## What Will Typically be Edited in Real Use
* `PolicyId`: keep the one generated by the UI.
* `Status`: `"on"`/`"off"` depending on rollout.
* `UserCheck` / `MachineCheck`: populate the arrays using your console’s normal targeting entries.
* `Extension.JobId`: the filename key (ends up as `Jobs/{JobId}.json` on endpoints).
* `Extension.JobJson`: stringified full job definition for Add/Update.
## Validate on an Endpoint
* **Add/Update:** confirm `Jobs/{JobId}.json` exists and matches your provided job JSON.
* **Delete:** confirm `Jobs/{JobId}.json` is removed.
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.keeper.io/keeperpam/endpoint-privilege-manager/policies/policy-types/advanced-policy-types/update-jobs-policy-type.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.