

# Amazon Verified Permissions policy store schema
<a name="schema"></a>

A *[schema](https://docs.cedarpolicy.com/overview/terminology.html#schema)* is a declaration of the structure of the entity types supported by your application, and the actions your application may provide in authorization requests. To see the difference between how Verified Permissions and Cedar handle schemas, see [Schema support](terminology-differences-avp-cedar.md#differences-templates).

For more information, see [Cedar schema format](https://docs.cedarpolicy.com/schema/schema.html) in the Cedar policy language Reference Guide.

**Note**  
The use of schemas in Verified Permissions is optional, but they are highly recommended for production software. When you create a new policy, Verified Permissions can use the schema to validate the entities and attributes referenced in the scope and conditions, which avoids typos and mistakes in policies that can lead to confusing system behavior. If you activate [policy validation](policy-validation-mode.md), then all new policies must conform to the schema.

------
#### [ AWS Management Console ]

**To create a schema**

1. Open the [Verified Permissions console](https://console.aws.amazon.com/verifiedpermissions/). Choose your policy store.

1. In the navigation pane on the left, choose **Schema**.

1. Choose **Create schema**.

------
#### [ AWS CLI ]

**To submit a new schema, or overwrite an existing schema, by using the AWS CLI**  
You can submit a schema to a policy store by running an AWS CLI command similar to the following example.

Consider a schema that contains the following Cedar content:

```
{
    "MySampleNamespace": {
        "actions": {
            "remoteAccess": {
                "appliesTo": {
                    "principalTypes": [ "Employee" ]
                }
            }
        },
        "entityTypes": {
            "Employee": {
                "shape": {
                    "type": "Record",
                    "attributes": {
                        "jobLevel": {"type": "Long"},
                        "name": {"type": "String"}
                    }
                }
            }
        }
    }
}
```

You must first escape the JSON into a single-line string and preface it with a declaration of its data type: `cedarJson`. The following example uses a file named `schema.json` with the following contents, the escaped version of the JSON schema.

**Note**  
The example here is line wrapped for readability. You must have the entire file on a single line for the command to accept it.

```
{"cedarJson": "{\"MySampleNamespace\": {\"actions\": {\"remoteAccess\": {\"appliesTo\": 
{\"principalTypes\": [\"Employee\"]}}},\"entityTypes\": {\"Employee\": {\"shape\": 
{\"attributes\": {\"jobLevel\": {\"type\": \"Long\"},\"name\": {\"type\": \"String\"}},
\"type\": \"Record\"}}}}}"}
```

```
$ aws verifiedpermissions put-schema \
    --definition file://schema.json \
    --policy-store-id PSEXAMPLEabcdefg111111
{
    "policyStoreId": "PSEXAMPLEabcdefg111111",
    "namespaces": [
        "MySampleNamespace"
    ],
    "createdDate": "2023-07-17T21:07:43.659196+00:00",
    "lastUpdatedDate": "2023-08-16T17:03:53.081839+00:00"
}
```
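As an added example (not code from the AWS documentation or the Verified Permissions tooling), this Python script produces the single-line `cedarJson` definition document described above from the Cedar schema, and first checks that every principal or resource type an action refers to is declared under `entityTypes`, the kind of typo the note at the top of this page warns about. The function names are assumptions; the sample schema is the one shown above.

```python
import json

# Constructed sample: the Cedar JSON schema shown above, as a Python dict.
CEDAR_SCHEMA = {
    "MySampleNamespace": {
        "actions": {
            "remoteAccess": {"appliesTo": {"principalTypes": ["Employee"]}}
        },
        "entityTypes": {
            "Employee": {
                "shape": {
                    "type": "Record",
                    "attributes": {
                        "jobLevel": {"type": "Long"},
                        "name": {"type": "String"},
                    },
                }
            }
        },
    }
}


def check_references(schema):
    """(namespace, action, type) triples naming an undeclared entity type."""
    missing = []
    for ns, body in schema.items():
        declared = set(body.get("entityTypes", {}))
        for action, spec in body.get("actions", {}).items():
            applies = spec.get("appliesTo", {})
            for key in ("principalTypes", "resourceTypes"):
                for etype in applies.get(key, []):
                    # "Ns::Type" names point at another namespace; not checked here.
                    if "::" not in etype and etype not in declared:
                        missing.append((ns, action, etype))
    return missing


def build_definition(schema):
    """Serialize the schema to one string under "cedarJson", then the wrapper
    to a single line: the shape put-schema's --definition file needs."""
    missing = check_references(schema)
    if missing:
        raise ValueError(f"undeclared entity types referenced: {missing}")
    return json.dumps({"cedarJson": json.dumps(schema, separators=(",", ":"))})


def unwrap_definition(text):
    """Reverse build_definition: recover the Cedar schema from a definition."""
    return json.loads(json.loads(text)["cedarJson"])
```

Write the string returned by `build_definition` to `schema.json` and pass it with `--definition file://schema.json` as in the command above; `unwrap_definition` lets you verify a hand-written definition file round-trips to the schema you intended.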

------
#### [ AWS SDKs ]

You can submit a schema to a policy store using the `PutSchema` API. For more information, see [PutSchema](https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_PutSchema.html) in the Amazon Verified Permissions API Reference Guide.

------

# Editing policy store schemas
<a name="schema-edit"></a>

When you select **Schema** in the Amazon Verified Permissions console, the **Entity types** and **Actions** that make up your schema are displayed. You can view and edit your schema in either **Visual mode** or **JSON mode**. Visual mode lets you update the schema by adding new types and actions using various wizards. In JSON mode, you update the JSON code of the schema directly in the JSON editor.

------
#### [ Visual Mode ]

The visual schema editor begins with a series of diagrams that illustrate the relationships between the entities in your schema. Choose **Expand** to maximize your view of the diagrams. There are two diagrams available:
+ **Actions diagram** – The **Actions diagram** view lists the types of **Principals** you have configured in your policy store, the **Actions** they are eligible to perform, and the **Resources** that they are eligible to perform actions on. The lines between entities indicate your ability to create a policy that allows a principal to take an action on a resource. If your actions diagram doesn't indicate a relationship between two entities, you must create that relationship between them before you can allow or deny it in policies. Select an entity to see a properties overview and drill down to view full details. Choose **Filter by this [action | resource type | principal type]** to see an entity in a view with only its own connections.
+ **Entity types diagram** – The **Entity types diagram** focuses on the relationships between principals and resources. When you want to understand the complex nested parent relationships in your schema, review this diagram. Hover over an entity to drill down into the parent relationships that it has.

  Under the diagrams are list views of the **Entity types** and **Actions** in your schema. The list view is useful when you want to immediately view the details of a specific action or entity type. Select any entity to view details.

**To edit a Verified Permissions schema in Visual mode**

1. Open the [Verified Permissions console](https://console.aws.amazon.com/verifiedpermissions/). Choose your policy store.

1. In the navigation pane on the left, choose **Schema**.

1. Choose **Visual mode**. Review the entity-relationship diagrams and plan the changes that you want to make to your schema. You can optionally **Filter by** one entity to examine its individual connections to other entities.

1. Choose **Edit schema**.

1. In the **Details** section, type a **Namespace** for your schema.

1. In the **Entity types** section, choose **Add new entity type**.

1. Type the name of the entity.

1. (Optional) Choose **Add a parent** to add parent entities that the new entity is a member of. To remove a parent that has been added to the entity, choose **Remove** next to the name of the parent.

1. Choose **Add an attribute** to add attributes to the entity. Type the **Attribute name** and choose the **Attribute type** for each attribute of the entity. Verified Permissions uses the specified attribute values when verifying policies against the schema. Select whether each attribute is **Required**. To remove an attribute that has been added to the entity, choose **Remove** next to the attribute.

1. Choose **Add entity type** to add the entity to the schema.

1. In the **Actions** section, choose **Add new action**.

1. Type the name of the action.

1. (Optional) Choose **Add a resource** to add resource types that the action applies to. To remove a resource type that has been added to the action, choose **Remove** next to the name of the resource type.

1. (Optional) Choose **Add a principal** to add a principal type that the action applies to. To remove a principal type that has been added to the action, choose **Remove** next to the name of the principal type.

1. Choose **Add an attribute** to add attributes that can be added to the context of an action in your authorization requests. Enter the **Attribute name** and choose the **Attribute type** for each attribute. Verified Permissions uses the specified attribute values when verifying policies against the schema. Select whether each attribute is **Required**. To remove an attribute that has been added to the action, choose **Remove** next to the attribute.

1. Choose **Add action**.

1. After all the entity types and actions have been added to the schema, choose **Save changes**.

------
#### [ JSON mode ]

While you make updates, the JSON editor validates your code against JSON syntax and identifies errors and warnings as you edit, making it easier for you to find issues quickly. You also don't need to worry about the formatting of the JSON: choose **Format JSON** once you've made your updates and the content is reformatted to match the expected JSON formatting.

**To edit a Verified Permissions schema in JSON mode**

1. Open the [Verified Permissions console](https://console.aws.amazon.com/verifiedpermissions/). Choose your policy store.

1. In the navigation pane on the left, choose **Schema**.

1. Choose **JSON mode** and then choose **Edit schema**.

1. Enter the content of your JSON schema in the **Contents** field. You can't save updates to your schema until you resolve all syntax errors. You can choose **Format JSON** to format the JSON syntax of your schema with the recommended spacing and indentation.

1. Choose **Save changes**.

------