Tag Policies form

Release version: Washingtondc

Updated February 1, 2024

4 minutes to read

The Tag Policy form displays details for configuring policies running on discovered Cloud resources or Configurable Item, to audit the tag compliance and health.

On the form, fill in the fields:

Table 1. Tag Policies
Field	Description
Name	Unique and descriptive name for the policy.
Short Description	A short summary that describes the policy.
Policy Type	Policy type selection for the tag compliance and health audit. Tag Count Policy Select the Tag Count policy type when you’re creating a policy to check for a specific count of tags that are present in the Configurable Item or CIs. Tag Key Policy Select the Tag Key policy type when you’re creating a policy to check for tags with specific values (string expressions). Tag Key & Value Policy Select the Tag Key & Value Policy type when you’re creating a policy to check for key and value pair and value strings. Based on your selection, you must specify a tag key count, tag key value, or a key value pair or string.
Expected Tag Count	Policy that checks a discovered Configurable Item for the specified value in the Expected Tag Count field. For example, if you specify `4` in the field, the policy checks whether the CIs have at least four tags specified. CIs with fewer tags than the specified number of tags are considered as failed or non-compliant. CIs that meet the value that is specified in the Expected Tag Count field are considered certified against this policy. This field appears only when Tag Count Policy is selected from the Policy Type field.
Expected Tag Keys	Policy that executes to check discovered CIs for the tags specified in the Expected Tag Keys field. You can specify multiple tags or string expressions in a comma-separated format. For example, if you specify `prod,finance,cost center` the policy checks if the CIs have all the specified tags. CIs that have all the specified tags as certified or fully compliant. If CIs are missing any of the tags specified in the Expected Tag Keys field, they’re considered failed or non-compliant. This field appears only when Tag Key Policy is selected from the Policy Type field.
Tag Key & Value Checks	Execute this policy to check discovered CIs for the tag key and values specified in the Tag Keys & Value Checks field. You can specify multiple tag key & value pairs or specify a script to check for a collection of values. For example, if you specify `user` in the Key field, and `admin` in the Value field, the policy checks for CIs that do not have the matching key-value pair. CIs matching the query are considered compliant. Note: The Script field appears only when Tag Key & Value Policy is selected from the Policy Type field. Use the Script field for specifying multiple values to return a string set. See the following sample code. Example code `// The script should return a string set to tagValues variable. // the code sets the tagValues array with name of the CI // by this the check will be done for the tag to match the CI’s name tagValues = [ci.name.toString()];`
Active	An option to activate or deactivate the schedule.
Run on cloud events	An option to enable real-time policy runs on the cloud events. Note: Ensure that you have configured auto-updating the CMDB with cloud events for the relevant cloud provider.
Save cert audit result	An option to save the certification audit findings and incorporate tag policy outcomes in a CI's health calculations. Note: This option can be activated if there is a business need to incorporate tag policy outcomes in the CI health calculations.
Run	Refers to the frequency at which the policy executes. From the Run list, select one of the following options: Daily Monthly Weekly Periodically Once On Demand Note: Select the On Demand option to run an audit immediately after configuring the policy. Business Calendar: Entry Start Business Calendar: Entry End
Next scheduled run date	Refers to the date and time on which this policy is scheduled to run the next time. This field appears only for scheduled runs and not for on-demand runs.
Filters	Condition statements with a series of contextually generated fields. Use lookup lists to build conditions and filter the CIs eligible for audit. Dynamic conditions and filters you specify to fetch the desired tags based on service accounts and associated datacenters.
Table	Displays the Configuration Item [cmdb_ci] table on which the filters are applicable.
Policy Criteria	Other policy criteria that you can configure using dynamically populated reference lookup lists. Thecmdb_ci table populates the data for this lookup list. For more information, see the Reference lookup.
Tag Filter	Filter CIs further based on Key, Keywords, and Value that you specify. Use the condition builder to customize your filters.
Task Assignment	Option to assign follow-on tasks to users or user groups.
Create Tasks	Option to create follow-on tasks. Note: If there is an existing task mapped to a CI and tag policy, the sn_itom_tag.allow_new_cert_follow_on_task system property determines whether to create a new task or update an existing one when there is a compliance failure: To update the existing task with the compliance failure details but not create a new task, the property would be set to false (the default) To create a new task, the property would be set to true.
Group	Assignment group to which you want to assign the task. Use lookup lists to select an assignment group. This field appears only when you select the Create Tasks check box.
User	Specific user from the assignment group to whom you want to assign the task. Use lookup lists to select a user. This field appears only when you select the Create Tasks check box.