Cloud Services

Enterprise Marketplace

Operation policies
Published On Dec 17, 2024 - 12:57 PM

Operation policies

Manage permissions by setting operation groups and creating operation policies.
Permissions for these operations are provided in Operation Groups. The Operation Groups can then be added to Operations Policies to grant those permissions to the teams listed in that Operation Policy.
Operations Policies allow you to control access to various operations such as Start and Stop, Taint and Untaint, and Edit Policy. These operations are onboarded automatically from the various providers, and vary accordingly. Permissions for these operations are provided in Operation Groups. The Operation Groups can then be added to Operations Policies to grant those permissions to the teams listed in that Operation Policy.

Roles required

The following roles are allowed to create and manage Operations Policies:
  • Policy Administrator:
    To view operation policy page on UI and create/update operation policies
  • Operator/Buyer:
    To list operations for creating operation groups.

Prerequisites

Before you can work with Operations Policies, the following prerequisites must be met:
  • The user must be able to list operation definitions (have the Operator/Buyer role).

Operation Groups

Operation Groups provide permission to use the operations that are listed in them. The groups can then be added to Operation Policies to grant those permissions to the teams listed in that policy.
Navigate to the
Operation Policies
page. To learn more about navigating to the different services from each tenant, refer to Landing page navigation or Kyndryl Bridge Landing page navigation.

Creating Operation Groups

Before you can create an operation policy, you need at least one operation group. To create an operation group, complete these steps:
  1. On the
    Operation Policies
    page, click the
    Operation Group
    tab.
  2. Click
    New Operation Group
    .
  3. Enter the following parameters for the new Operation Group and then click
    Add Operation Group
    :
    • Name:
      Provide a descriptive name for your new Operation Group.
    • Operation:
      Select one or more operations that will be allowed when this Operation Group is included in a policy .

Managing Operation Groups

After they are created, Operation Groups can be edited, duplicated, and deleted. To do so, click the
Actions
icon for the Operation Group that you want to manage and select from these options:
  • View Details:
    Opens the details view for the Operation Group. From this window you can edit the parameters of the group. After you do so, click
    Update
    to save your changes. You can also
    Delete
    the group. For more information about the parameters, see Creating Operation Groups.
  • Duplicate:
    Opens the
    Duplicate Operation Group
    window. You are prompted to enter a different
    Name
    for the group and then click
    Duplicate
    .
  • Delete:
    Deletes the Operation Group. You are prompted to confirm the deletion by clicking
    Continue
    .
    The Operation Group will be removed from all Operation Policies that it is included in, so use this option with care.

Operation Policies

Operation Policies are used to specify teams and the Operation Groups that those teams belong to. The teams can then access the operations that the groups contain.
Navigate to the
Operations Policies
page. To learn more about navigating to the different services from each tenant, refer to Landing page navigation or Kyndryl Bridge Landing page navigation.

Creating Operation Policies

To create an operation policy, complete these steps:
  1. On the
    Operation Policies
    page, click
    New Policy
    .
  2. Enter the following information for the new policy and then click
    Create Policy
    :
    • Name:
      Provide a descriptive name for your new policy.
    • Status:
      Select either
      Draft
      , which will be saved but not applied to the system, or
      Active
      , which will affect the system.
    • Team:
      Select one or more teams that the policy will be applied to. You can use the
      Search
      field to locate teams.
    • Operation Group:
      Select one or more Operations Groups to include in the Operation Policy. These Operation Groups determine what operations are allowed to the teams that are covered by the policy.

Managing Operation Policies

After they are created, Operation Groups can be edited, duplicated, and deleted. You can use the
Filters
pane to filter the policies by status. The
Search
field can be used to filter a long list of policies.
To manage an Operation Policy, click the
Actions
icon for that policy and select from these options:
  • View Details:
    Opens the details view for the Operation Policy. From this window you can edit the parameters of the policy. After you do so, click
    Update
    to save your changes. For more information about the parameters, see Creating Operation Policies. You can also
    Delete
    the policy.
  • Duplicate:
    Opens the
    Duplicate Operation Policy
    window. You are prompted to enter a different
    Name
    for the policy and then click
    Duplicate
    . A duplicate will be created in
    Draft
    status.
  • Delete:
    Deletes the Operation Policy. You are prompted to confirm the deletion by clicking
    Continue
    . You cannot delete policies in the
    Active
    status.

Changing Operation Policy status

Operation Policies can be in one of these statuses:
  • Draft:
    The policy is saved but has not been applied to the system.
  • Active:
    The policy is being applied to the system, allowing members of the selected groups to initiate the operations specified by the Operation Groups selected.
  • Retired:
    The policy no longer affects the system.
To change status, complete these steps:
  1. Click the
    Actions
    icon for the policy and select
    View Details
    .
  2. In the
    Status
    field, select the new status that you want.
    Policies in the
    Draft
    policies cannot be retired, and
    Active
    policies cannot be put into the
    Draft
    status.
  3. Click
    Update
    .
Do you have two minutes for a quick survey?
Take Survey