- Release Notes
- Introduction
- Governance
- Define Governance Policies
- Create a Governance Policy
- Manage Policies
- Deploy Governance Policies
- Troubleshooting
- Source Control
- CI/CD Pipelines
- Feeds Management
- Logging
Automation Ops User Guide
Deploy Governance Policies
You can deploy policies at tenant, group, and user level for each product. Policies deployed at tenant level are applied to all the users in that tenant. For more granularity, you can apply different policies to specific groups or specific users. Deployments defined at user level override deployments at group level, which in turn override those at tenant level.
If you were previously using file-based governance, when you visit the Deployment page for the first time, Automation Ops™ overwrites any existing file-based governance in your environment.
As it is expected that any file-based governance to no longer apply, make sure you import your already existing policies to Automation Ops™ and deploy them from here.
In addition to the custom policies you define in Automation Ops™, two default deployment options are available for each product:
- No Policy - Disables the enforcement of a governance policy from Automation Ops™ at the user, group, or tenant level.
- Inherit - Inherits the governance policy from the higher level (user inherits from group and group inherits from tenant).
The policy that is applied for a product to a user is determined in the following order:
-
When a policy is deployed at user level, the policy is applied to the user.
- If a custom policy created in Automation Ops™ is selected, the policy overrides any policy deployed at group or tenant level.
- If the No Policy option is selected, the product is not governed by Automation Ops™ for the user, overriding any policy deployed at group or tenant level.
- If the Inherit option is selected, the policy defined at group level is applied. If one does not exist, the tenant-level policy is applied.
-
When no policy deployment is defined at user level:
-
If the user is part of a group and a policy is deployed at group level, the group policy is applied to the user.
- If a custom policy created in Automation Ops™ is selected, the policy overrides any policy deployed at tenant level.
- If the No Policy option is selected, the product is not governed by Automation Ops™ for the user, overriding any policy deployed at tenant level.
- If the Inherit option is selected, the policy defined at tenant level is applied.
- If the user is part of multiple groups where a policy is deployed, the custom policy with the lowest priority value is applied to the user. If no custom policies are deployed at group level, any No Policy group deployment takes precedence over Inherit.
-
-
When no policy deployment is defined at user or group level, the policy deployed at tenant level for the product is applied to the user.
- If the No Policy option is selected, the product is not governed by Automation Ops™ for the user.
- For StudioX, Studio, and Studio Pro, when the product is not governed by Automation Ops™ (the No Policy option is applied to the user), the policy enforced using the file-based governance model is applied, if available.
- For Studio and Assistant, the policies are applied when the users restart the application.
- For Studio Web, the policies are applied when the users sign out and then sign back in and refresh all open Studio Web tabs.
When Studio is governed using Automation Ops™, the policy name is displayed in the Help tab in Studio Backstage View. When hovering over the policy name, a tooltip is displayed that indicates Config source: Modern Governance.
Messages displayed in Studio windows that contain settings that are governed inform the user that functionality may be restricted by the company policy. For example, such a message appears in the Manage Sources tab in Studio Backstage View and in the Workflow Analyzer tab in the Project Settings window.