Once you've set up different Rulesets like Naming Conventions and Lifecycles, you can use Policy Packages to bundle and execute them based on specific Conditions.
When a new Space is requested, Teams Manager checks the request, and if the defined conditions are met (e.g., a specific Template has been used, or a certain Metadata field has been filled), the corresponding Policy Package is executed, and the Rulesets that it contains are applied.
This allows you to set and execute specific rules for specific use-cases:
β
For example, you can define a specific set of rules, like Naming Conventions and Lifecycles, specifically for "Project" Teams that use your previously created "Project" Template, while applying completely different rules for internal Teams that may use another Template.
Therefore, Policy Packages consist of:
A Selection of Rules and Settings that are bundled together in the Policy Package:
Naming Conventions
Lifecycles
Visibility
Guest access settings
Default Owners and Members
Two-Owner Policies
Approval Protocols
Sensitivity Labels
Access Reviews
And a set of conditions that trigger the execution of that Policy Package:
Template Name
Visibility
Template Type
Sensitivity Label
Metadata
Let's create a simple Policy Package together to get a better understanding of how it can enhance your governance.
β
π Creating Policies
π‘ We highly advise creating a Naming Convention and a Lifecycle prior to creating a Policy so you can control more variables through your Policy Package.
Navigate to Settings > Policies and click on + Create a policy package to get started.
βYou'll be prompted to specify a Name, Description, and an Icon before you can move on to the Rules.
βThe Rules section is where you get to specify which governance components actually get added to the Policy. You can select a Naming Convention and a Lifecycle, tinker with Visibility and Guest Access, specify default Owners/Members, and enable or disable Two Owner and Approval rules, along with Sensitivity Labels.
β
Rule Breakdown:
β
β’ Naming conventions - A predefined set of Prefixes and Suffixes that are automatically applied on top (or instead) of the Team Name specified by the user.
β
β’ Lifecycle - A lifespan for a given Team. Teams that reach the end of their Lifecycle get archived or (optionally) deleted.
β
β’ Force visibility - Allows you to choose whether the team will be public or private by default.
β
β’ Force guest access - Allows you to choose whether guests are allowed to join Teams that are under this policy.
β
β’ Default owner - Allows you to specify a Team owner (other than the System Administrator) that will be automatically assigned to all Teams under this Policy.
β
β’ Default member - Allows you to specify Team members who will be automatically added to all teams that are affected by this policy.
β
β’ Two Owner - Allows you to force users to specify two distinct owners to create a Team.
β
β’ Approval enabled - Allows you to enable/disable the necessity for request approvals prior to Team creation. When enabled, you must choose an Approver Group.
β
β’ Sensitivity label - Allows you to attach different labels to Teams that outline the importance and access level required to be a part of it/utilize it.Access checks are available only to Enterprise Plan users and allow you to easily reassess whether certain Team members should remain in a given Space.
Configure your Access Review protocol and click Next to review your Policy.
β
Once you've set up your Access Checks, you'll be shown a summary of all the Policies you're implementing with this Package. Click Confirm to create your Policy Package.
β
π« Policy Execution
In order for your Policies to take effect, they must be executed based on certain criteria. For instance, you can configure your Policy to be executed for Teams that contain the word "Marketing" in their title or simply attach it to the corresponding Template.
Click on Create Policy Execution in the same window where you created your Policy, or navigate to Settings > Policies > + Create a policy execution to get started.
βSelect + Add a condition to begin configuring your Policy Execution.
βAn Execution can be based on an Attribute or a Metadata field.
β
βAttribute - Allows you to base your Policy Execution on the Team name, Template name, Visibility, Template type, or Sensitivity label.
β
βMetadata - Allows you to base your Policy Execution on existing Metadata
fields.
β
Once you've selected the desired basis for your Policy, you can set it to either Equal a value (e.g., Template Name = Marketing) or to Contain a value (e.g., Template Name contains the word "marketing").
β
In our case, we'll set up a very simple execution that will apply our Policy to the "Marketing" Project Template. We do this by selecting the Template Name Attribute and making it Equal to the "Marketing" Template.
β
Simply click on Create when you're done with the setup, and your Policy will become active.
β
π‘Keep in mind that you can add several execution conditions for each Policy, applying them to different Templates, Teams, and Spaces.
β
π Final Results
Since we've applied our Policy specifically to the "Marketing" Project Template, now, upon creating a request with it, we see the default Owner/Member that we specified earlier, along with a brand new Policy section that describes other rules that will be applied.
β
π£ Next Steps
Now that you've created and applied your Policies, you can start working with Approvals and Access Reviews.
We recommend starting here:
βοΈ Need more help?
Get further assistance with Teams Manager through our support chat widget within the app, or reach out to us at support@solutions2share.com.