Policies

Filters

Policy filters allow you to automatically assign a policy to a Service Request when it is created. You can use filters to assign a policy to a Service Request based on the values of its properties or by matching properties of the user who created it.

User filters

User filters allow you to use the properties of the user who created the service request to automatically match a policy. For example, if a user is in a specific department, you can use the department filter to assign a policy to that user.

The user properties that can be included in a user filter are:

  • department
  • city
  • state
  • country
  • postal code
  • office location
  • usage location
  • job title
  • group membership

In addition to specifying values to match against, you can also use the following operators:

  • Equals
  • Not equal
  • Starts with
  • Ends with
  • Is null
  • Is not null

Service Request filters

In addition to using user attributes to match policies, you can use the properties of a Service Request.

The properties that can be included in a Service Request filter are:

  • location - which location is being requested
  • operation - whether the operation is a creation, modification, or deletion
  • resource - the type of resource being requested. For example, compute, database, storage, network, security, etc.

You should know

A Service Request can contain a request for multiple resources. For example, if a user requests a compute instance and a database, the Service Request will contain two resources. If you have a Service Request filter for the compute resource, it will match any Service Request that includes a compute resource request.

Combining filters

You can combine filters to match a policy. For example, if you have a user filter that matches a user in a specific department and a Service Request location filter that matches a Service Request for a specific location, you can add multiple filters which will be combined with the AND operator to match a policy to a user in a specific department and a Service Request for a specific location.

Filter example

Here's an example of a policy filter. You can filter for multiple attributes of Service Requests or the users who create them.

Policy filters

City -eq "Seattle" AND Department -eq "Marketing" AND ResourceType -eq "Compute"

In this particular filter, we are looking at users in Seattle from the Marketing department who are creating a Service Request that will contain a Compute resource.

Note: The actual filter is not stored as a sentence, but this is just shown for readability.

There is no limit to the number of policy filters that can be combined within a Policy, but the complexity of the filter is increased with each additional policy filter. Try to keep it simple in the beginning as you get familiar with Concierge.

Previous
Service lifetimes
Next
Review requirements