The policy manager is used to configure the policies that you want to use to check your apps. AppControl has a default set of checks and all of these are included in the global policy. This is automatically created, configured and is checked automatically. The global policy can be configured to meet the needs of your organizations.
There are 3 different types of policies that can be managed in AppControl:
Global Policy. This will apply to all apps in your organization.
Group Policy. This policy applies to all apps in a specific app group.
App Policy. This policy applies to a specific app.
Policies are applied hierarchically (Global > Group > App), however only a single policy is used to check an app. If for instance a group policy is configured, this policy will be used instead of the global policy. If you want specific checks to be mandatory for all apps (or the entire policy), you can make the complete global policy mandatory or just specific checks in the global policy.
Depending on your user role you will see 1 or more tabs in the policy manager. If a policy has not yet been created for a specific group or app, you can choose to create a new policy. After opening the policy you can enable and disable specific policy checks. Some checks have additional options. Click on a check to view and configure its settings.
Policies are checked for compliance every hour.
For details about all available check types see the 'Checks' section of this documentation.
Policy Settings
Aside from the individual policy checks that you enable or configure, there are settings that apply to the entire policy:
Mandatory? If enabled, this policy applies to all apps in the scope (Global or Group) of the policy, and the configuration cannot be overridden by group or app administrators (for Global policies) or app administrators (for Group policies).
Ignore Marketplace modules? If enabled, policy checks will not apply to Marketplace modules.
Enabled? If set, this policy will be checked. If not, this policy will not be checked.
Severity. The severity level for this policy check. The configured level will be used when creating a check result when this check fails.
Policy Actions
When a policy check fails it is possible to configure an action to take. This action will only occur once per failure of a specific check type. If there are multiple check results for a given check type, the action will only execute once. The following actions can be configured:
Nothing. (Default) No additional action will be taken.
Alert. An alert will be generated with the details of the check type that failed and the environment. This will appear in the AppControl alerts dashboard.
Assign Task. When this check fails the selected task will be assigned. Note that if a task is assigned, it will not be assigned multiple times. If the assigned task is completed and the check fails again, a new task will be assigned. When this action is selected the following options appear:
Task library. The task library that contains the task you want to assign. Only tasks with the scheduled type 'One Time' can be selected. Note: The task libraries that are available to be selected from depends on the policy scope:
Global: Only the Global Task Library can be used.
Group: The Global and Group task libraries can be used.
App: The Global, Group and App libraries can be used.
Task to assign. The task you want assigned.
Assign task to. Which role you want to assign the task to. If the task assignment type has been pre-configured in the task template it is not possible to change it here.
