Configure a cloud policy condition

Configure the condition on a cloud policy rule that determines when the actions in the rule can run. Conditions are optional.

Before you begin

Procedure

  1. Open a cloud policy rule.
  2. In the Conditions related list, click New.
  3. Fill out the form fields (see table).

    Field Description
    Logical operator
    If you configure multiple conditions, select the logical operator that determines how the system evaluates the condition in relation to the next condition (the next condition is determined by the Order field):
    • AND: this condition the next condition must meet the criteria before the policy is eligible for execution.
    • OR: this condition or the next condition that matches the criteria can allow the policy to be eligible for execution.
    If you do not select an option, AND is used by default.
    Criteria type Select one of the following options:
    • User: base the condition on a user role or on the group the user belongs to.
    • Request form data: base the condition on a value for the field in the blueprint.
    User entity

    [User criteria type]

    Select one of the following options:
    • Role: base the condition upon the role the user has.
    • Group: base the condition upon the group the user belongs to.
    Relational Operator Select an operator that evaluates the user entity to the role or group, or the attribute to the value.
    For example, to create a condition that applies when the user belongs to a specific group like the Database group, select these values for the following fields:
    • Criteria Type: User
    • User Entity: Group
    • Relational Operator: Equals
    • Group: Database
    Group/Role

    [User criteria type]

    Select the group or the role.
    Attribute

    [Request Form Data criteria type]

    Enter the attribute from one of the following items:
    • The blueprint, if you selected a trigger that requires you specify a blueprint.
    • The resource block, if you selected a trigger that requires you specify a resource block.

      A textbox is displayed for attributes when a policy is not configured on a specific object for a trigger.

    Value

    [Request Form Data criteria type]

    Enter the value for the attribute. You can use a static value or use an expression to derive the value from:
    • a form parameter using the following syntax: ${parameter.formData.parameterName} where parameterName is the name of the actual parameter the form, such as in a blueprint.

      For example: ${parameter.formData.CatalogAttributeType} takes a catalog attribute type.

    • user data using the following text: ${parameter.userData.userID}or ${parameter.userData.userName}
    • stack or table values using the following syntax: $(ci.table_name[parm=${parameter.formData.parameterName}]) where table_name is the actual table that contains the value and parameterName is the name of the actual parameter the form.

      For example: $(ci.sn_cmp _ip_pool[subnet=${parameter.formData.Subnet Id}]) takes the subnet from the IP Pools table.

    Order of execution

    Enter a number that tells the system which record to evaluate first in relation to others. The record with the lowest number runs first.

  4. Click Submit.

What to do next

Configure one or more actions.