Create an action for an 'approval' policy

  • Release version: Xanadu
  • Updated August 1, 2024
  • 2 minutes to read

    • A policy that is triggered by one of the approval triggers can start approval workflows. The approval triggers are ( on Blueprint provision (approval), on Stack operation (approval), on Stack resource operation (approval), and on Task remediation .

    Before you begin

    Optional: Create one or more cloud policy groups.

    Configure a cloud policy rule and associated conditions.

    Role required: sn_cmp.cloud_governor or admin

    About this task

    When multiple "approval" policies apply, the policies are applied in the following order. (The approval policies are on Blueprint provision (approval), on Stack operation (approval), on Stack resource operation (approval), and on Task remediation ):

    1. Only the first successful approval policy is applied and no other approval policies are applied.
    2. If the applied approval policy has multiple rules, only the first successful rule is used.
    3. If a rule has multiple actions, only the first successful action is performed.
    4. If the applied approval policy includes both a custom approval and a Service Now approval, only the custom approval process is performed.

    Procedure

    1. In the Cloud Admin Portal, navigate to Govern > Policies.
    2. Open a cloud policy and set the policy to the Draft state if needed.
    3. Open the rule that should perform the action and then click New on the Policy Rule Actions related list.
    4. On the popup, click Create for the type of action to perform.
      Create Action popup
    5. Select any of the following actions.
      • Custom Approval runs the workflow that you specify. The workflow should return a value of approved to complete the operation. Follow Service Now Approval for use case.
      • Service Now Approval supports differing approvers based on the trigger for the policy:
        Trigger Workflow Available approvers
        on Blueprint provision (approval) Cloud Approval Workflow
        • Manager Approval
        • Assignment Group
        • User (lock)
        on Stack operation (approval) Cloud Operation Change Request Workflow Assignment Group
        on Stack resource operation (approval) Cloud Operation Change Request Workflow Assignment Group
    6. On the Approval form, specify a unique and meaningful Action Name.
      Figure 1. Action in the rule
      Approval policy action
    7. If you select Custom Approval, specify the workflow and then click Submit and if you select ServiceNow Approval, specify who should approve the cloud activity.
      Table 1. Approval fields
      Field Description
      Manager Approval One or all of the following:
      • Select the Manager Approval check box to require the manager of the approver to also approve the request. The default approval workflow goes to the manager first, then to the group, and finally to the user.
      • Select a user group from the Assignment Group list.
      • Unlock the User lock, select a user from the list, then close the lock.
      Assignment group Select the assignment group that can approve the request. Any user in the group can approve the action using the default workflow. The approval then goes to the users in the User field.
      Note:
      Users in an assignment group that do not have the itil role still receive an approval record and notification by default, but they cannot perform the approval. Assign the itil role to any users or user groups that must make operational and provisioning approvals.
      User Select one or more users to whom the approval action applies. All selected users must approve the action using the default workflow.