Set Resource Ownership with Policies
You can use a Default Ownership policy to automatically assign ownership to resources and virtual services associated with services that are:
- Created through automated and manual deployments.
- Created outside of Commander (that is, created directly in the cloud account or managed Kubernetes cluster).
A Default Ownership policy reduces the time required to set resource and virtual service ownership. It also ensures that resources and virtual services are always assigned to an owner who can manage them and that they're always visible to organization members. For more information, see Assign ownership automatically through policies.
Access: | Configuration > Policies |
Available to: | Commander Role of Superuser and Enterprise Admin Administrator Access Rights |
- On the Configuration page, click Add.
The Policy Configuration dialog appears.
- On the Choose a Policy page, select Default Ownership from the list of policies, then click Next.
- On the Policy Name/Description page, enter a name for the policy and an optional description, then click Next.
- On the Choose a Target page, from the Target View Type list, select Infrastructure or Applications.
- If a service's resources and virtual services are deployed into a location where multiple policies target the Infrastructure view and the Applications view, the policy targeting the Infrastructure view takes precedence.
- You can only select managed Kubernetes clusters as targets for an ownership policy through the Applications view.
- To set the target for the policy, select the appropriate infrastructure elements in the Infrastructure or Applications tree on the right, then click Next.
Selecting the root Infrastructure or Applications object as the policy target will configure a system-wide policy that will be applied to all current and future Commander cloud accounts and Kubernetes clusters. If you don't want all cloud accounts and Kubernetes clusters to be automatically affected by the policy, instead of selecting Infrastructure or Applications as a target, you should select specific cloud accounts, infrastructure elements within cloud accounts, or Kubernetes clusters.
- On the Configure the Policy page, select Enable Policy for the policy to come into effect immediately after you configure it.
- From Take Action, select from the options:
- Notify Only: Creates an alert to notify you when the policy has triggered, but no action is taken for the service. See also Subscribe to Policy Alerts.
- Run [Workflow]: The selected command workflow will be triggered when the policy is triggered.
The available workflows are listed by target type. You must choose a workflow with a target type that matches the target of the policy, otherwise, the workflow will fail. For example, if the workflow's target type is "VM", the workflow will fail if the policy targets a database. A workflow with a target type of "Any Inventory Type" can be run on all service types.
If you want to set up a new command workflow, click Add Workflow.
A command workflow can't currently be run on Kubernetes namespaces or their child resources. Although you can select a workflow action for a target that includes managed Kubernetes clusters, a workflow won't be run on the clusters' namespaces or their child resources. If a policy targets both non-Kubernetes resources and Kubernetes clusters, the workflow will only be run on the non-Kubernetes resources.
- In the Default Owners area, do one of the following:
- Select an organization. This will make the service's resources and virtual services visible to the users in that organization.
If you also assign ownership to one or more organization members, their organization is automatically selected. For a service's resource and virtual service to be visible to an organization member, the service must be assigned to the organization.
- To assign users to the new service, in the Username/Email field, enter a username or email address, then click Add. Each account you add must be a local user or group account that's set up within Commander or a directory services user or group account.
The first owner that's added to the policy is automatically assigned as a primary owner; you can change that assignment and the IT contact assignment as required.
- If you want to allow children of the targets to have their own instance of the policy, enable For any children of the selected targets....
This option allows other instances of this policy to be applied to infrastructure elements and services that are children of the parent infrastructure element you've selected (an override). For an example of how this override can be useful, see Walk-Through: Configuring Organizations.
Note that this option won't affect any managed Kubernetes clusters that are included with a target.
- On the Summary page, review the settings and click Finish.