Cloud Services

Enterprise Marketplace

Expand menu Collapse menu

Operation policies

Published On Oct 07, 2024 - 11:30 AM

Operation policies

Manage permissions by setting operation groups and creating operation policies.

Permissions for these operations are provided in Operation Groups. The Operation Groups can then be added to Operations Policies to grant those permissions to the teams listed in that Operation Policy.

Operations Policies allow you to control access to various operations such as Start and Stop, Taint and Untaint, and Edit Policy. These operations are onboarded automatically from the various providers, and vary accordingly. Permissions for these operations are provided in Operation Groups. The Operation Groups can then be added to Operations Policies to grant those permissions to the teams listed in that Operation Policy.

Roles required

The following roles are allowed to create and manage Operations Policies:

Policy Administrator:
To view operation policy page on UI and create/update operation policies

Operator/Buyer:
To list operations for creating operation groups.

Prerequisites

Before you can work with Operations Policies, the following prerequisites must be met:

The user must be able to list operation definitions (have the Operator/Buyer role).

Operation Groups

Operation Groups provide permission to use the operations that are listed in them. The groups can then be added to Operation Policies to grant those permissions to the teams listed in that policy.

Navigate to the Operation Policies
page. To learn more about navigating to the different services from each tenant, refer to Landing page navigation or Kyndryl Bridge Landing page navigation.

Creating Operation Groups

Before you can create an operation policy, you need at least one operation group. To create an operation group, complete these steps:

On the Operation Policies
page, click the Operation Group
tab.

Click New Operation Group
.

Enter the following parameters for the new Operation Group and then click Add Operation Group
:

Name:
Provide a descriptive name for your new Operation Group.

Operation:
Select one or more operations that will be allowed when this Operation Group is included in a policy .

Managing Operation Groups

After they are created, Operation Groups can be edited, duplicated, and deleted. To do so, click the Actions
icon for the Operation Group that you want to manage and select from these options:

View Details:
Opens the details view for the Operation Group. From this window you can edit the parameters of the group. After you do so, click Update
to save your changes. You can also Delete
the group. For more information about the parameters, see Creating Operation Groups.

Duplicate:
Opens the Duplicate Operation Group
window. You are prompted to enter a different Name
for the group and then click Duplicate
.

Delete:
Deletes the Operation Group. You are prompted to confirm the deletion by clicking Continue
.

The Operation Group will be removed from all Operation Policies that it is included in, so use this option with care.

Operation Policies

Operation Policies are used to specify teams and the Operation Groups that those teams belong to. The teams can then access the operations that the groups contain.

Navigate to the Operations Policies
page. To learn more about navigating to the different services from each tenant, refer to Landing page navigation or Kyndryl Bridge Landing page navigation.

Creating Operation Policies

To create an operation policy, complete these steps:

On the Operation Policies
page, click New Policy
.

Enter the following information for the new policy and then click Create Policy
:

Name:
Provide a descriptive name for your new policy.

Status:
Select either Draft
, which will be saved but not applied to the system, or Active
, which will affect the system.

Team:
Select one or more teams that the policy will be applied to. You can use the Search
field to locate teams.

Operation Group:
Select one or more Operations Groups to include in the Operation Policy. These Operation Groups determine what operations are allowed to the teams that are covered by the policy.

Managing Operation Policies

After they are created, Operation Groups can be edited, duplicated, and deleted. You can use the Filters
pane to filter the policies by status. The Search
field can be used to filter a long list of policies.

To manage an Operation Policy, click the Actions
icon for that policy and select from these options:

View Details:
Opens the details view for the Operation Policy. From this window you can edit the parameters of the policy. After you do so, click Update
to save your changes. For more information about the parameters, see Creating Operation Policies. You can also Delete
the policy.

Duplicate:
Opens the Duplicate Operation Policy
window. You are prompted to enter a different Name
for the policy and then click Duplicate
. A duplicate will be created in Draft
status.

Delete:
Deletes the Operation Policy. You are prompted to confirm the deletion by clicking Continue
. You cannot delete policies in the Active
status.

Changing Operation Policy status

Operation Policies can be in one of these statuses:

Draft:
The policy is saved but has not been applied to the system.

Active:
The policy is being applied to the system, allowing members of the selected groups to initiate the operations specified by the Operation Groups selected.

Retired:
The policy no longer affects the system.

To change status, complete these steps:

Click the Actions
icon for the policy and select View Details
.

In the Status
field, select the new status that you want.

Policies in the Draft
policies cannot be retired, and Active
policies cannot be put into the Draft
status.

Click Update
.

Do you have two minutes for a quick survey?

Take Survey