Content sharing policies control what items and actions are available in the Automation Service Broker catalog for users and user groups. If you have catalog items that require additional governance, you can apply content sharing policies to those items.
You can share content at the project level or at the organization level. When you add a content source or a catalog item to a content sharing policy, you allow the users and user groups specified in the policy to request the items in the Automation Service Broker catalog.
How are content sharing policies enforced
- You can create content sharing policies that apply to the whole organization, to selected projects, or to a single project. You can also provide additional governance at the content source or at the catalog item level for all content that is associated with a specific project.
- For the organization scope, all users can request shared catalog items. For items that are not shared, users with the Viewer and User roles can view or request catalog items only if they are members of the project that the item is associated with, based on their project role.
- Multiple content sharing policies can be created per project and per organization.
- If you upgrade to vRealize Automation 8.8.2, all of your shared content is migrated. A content sharing policy is automatically created for every project with entitlements that were added through the Content Sharing tab.
Content sharing policy constraints
- Users who are not members of the organization or the project, specified in the policy scope, can still be added to the content sharing policy when the policy is created through an API request. Such users, however, still don't have access to the catalog items associated with the project. You can limit the policy scope to adding users who belong to the selected project.
Procedure
In this use case, there are three policy definitions that illustrate how you can construct content sharing policies and the results when they are enforced.
- Select .
- Configure Content Sharing Policy 1.
As an administrator, you want to grant two new users in your project access to all cloud templates that are associated with the project.
- Select a project to which to apply the policy.
Setting Sample Value Scope Select Project and search for your project. This policy is applied to content associated with this project.
- Select what content you want to share with members of the project.
Setting Sample Value Content sharing Click , then select the cs-project1 content source to share with users.In this scenario, cs-project1 contains four cloud templates.
- Select the users you want to share the content with.
Setting Sample Value Entitlement type User based Users Click Add Users and enter the emails of the two new users. [email protected], [email protected]
You can only select users who are associated with the scoped project.
In this scenario, all four cloud templates associated with the content source you specified become available for User 1 and User 2.
- Select a project to which to apply the policy.
- Configure Content Sharing Policy 2.
You want to share a new cloud template with developers in several projects.
- Select the projects to which to apply the policy.
Setting Sample Value Scope Select Multiple Projects and define project criteria. For example, Project name contains dev
This policy is applied only to projects whose name contains the phrase dev.
- Select the content that you want to share.
Setting Sample Value Content sharing Click , then select an individual cloud template to share with users. - Select the users you want to share the content with.
Setting Sample Value Entitlement type User based Users Select the Share content with all users/groups in the project check box. In this scenario, the cloud template becomes available to all users and user groups in the developer projects that are included in the policy scope.
- Select the projects to which to apply the policy.
- Configure Content Sharing Policy 3.
You want to grant administrators access to multiple content sources across your organization.
- Select a project to which to apply the policy.
Setting Sample Value Scope Organization - Select the content that you want to share with members of the project.
Setting Sample Value Content sharing Click , then select the content sources you want to share.cs-project3, cs-project4
- Select the users you want to share the content with.
Setting Sample Value Entitlement type Role based Users Select Administrator. You can grant content sharing rights only to users with the Project Administrator or Project Member role as well as custom user roles.
In this scenario, all content from the selected content sources becomes available to users with the Project Administrator role across your organization.
- Select a project to which to apply the policy.
What to do next
- For more examples of how other policies are processed and enforced, see How are Automation Service Broker policies processed.
- Configure policies that are relevant to your organizations and projects.
- Provide content to your users. See Adding Content to the Automation Service Broker Catalog.