Assigning Ownership to Services

A service can be owned by one or more individual users and/or groups. These can be either local accounts that have been set up in Commander or directory service accounts.

The three types of service ownership that can be assigned to individual users and groups are:

  • primary owner (one per service)
  • IT contact (one per service)
  • other (multiple "other" owners can be assigned to each service)

The first user or group assigned to the service will automatically become the primary owner; any additional owners are automatically assigned as "other" owners. However, you can later change an owner's status to primary or IT contact (again, only one primary owner and IT contact are permitted).

When multiple owners are assigned to a service:

  • responsibility for management can be delegated to multiple individuals, for example, help desk, IT contact, and primary owner
  • more than one user can access the service through the Service Portal
  • more than one owner can receive email notifications about expiry and about policy alerts generated by Commander

Organizations

You can also assign a single organization to a service to enable organization members to potentially view that service. Organization ownership also allows you to:

  • to delegate administrative tasks when an organization has multiple managers with permissions to manage an organization's resources
  • to configure resource- and cost-based quotas for organization members

In this topic:

Service visibility

When a service is assigned to an organization, the following conditions determine whether a user can see the service when they are logged in to the Service Portal as a member of that organization:

Granted permission To see the service...

If the permission of "Show All Organization Services" is NOT granted.

By default, the View Only, Customer, and Delegated Admin roles aren't granted the permission of "Show All Organization Services".

The service must be assigned to the organization

and

The user must be an owner of the service (primary, IT contact or other)

If the permission of "Show All Organization Services" IS granted.

By default, the Manager role is granted the permission of "Show All Organization Services".

The service must be assigned to the organization

or

The user must be an owner of the service (primary, IT contact or other)

Notes:

  • If ownership of a service is assigned to a user with an individual Service Portal role, that service will be visible to the user when they are logged into the Service Portal with that individual role.
  • A user can also be both an individual owner of a service and belong to a group or organization that owns the service. In this case, the higher level of permissions is always used. For example, Jose is a member of the group Development, which is the primary owner of a particular VM, but Jose is also an "other" owner of the VM. In this case, Jose has primary owner permissions on that VM.

Automatic ownership assignment

If a user requests a service in the Service Portal, that user automatically becomes the primary owner, and if the requester is an organization member, the service is also automatically assigned to that organization.

If the Primary Owner specified on the new service request form isn't the requester, the deployed service is still assigned to the requester's organization. Also note that to see this service, the primary owner must be a member of the requester's organization, or must have an individual Service Portal role. See Walk-through: Configuring Organizations to learn more about organizational and individual roles.

You can also automatically assign service ownership through the following methods:

  • use the Default Ownership policy to assign ownership to a new service that's created outside the Commander service request process, or directly in the managed system
  • configure a completion workflow with a Set Ownership step that will set the ownership through a service request

Notes:

  • The ownership set for an existing virtual service, application stack or auto scaling group is automatically inherited by all of its children, overriding any existing ownership on child VMs. But you can add and remove non-primary owners to a child VM if required.
  • Service ownership can also be assigned an organization for an existing service through a change request.

Assigning ownership for services

Access through:

Views menu > Inventory > Infrastructure, Applications, or Storage

Available to:

Administrator and All Operator Levels of Access Rights (except where noted)

In Commander, you can select a single service and assign ownership for that service to an organization and/or one or more users or groups. See Assigning ownership for services below.

To assign ownership for a service:

  1. Select a service in the tree or in a table.
    • For a VM, right-click and select Lifecycle Management > Set Ownership.
    • For all other service types, right-click and select Set Ownership.

      For Kubernetes services, the Applications view allows you to select a namespace and see all of that namespace's child resources that the ownership will be applied to. For all views, the deployed namespaces are also listed on the Namespaces tab; from this list you can select multiple namespaces and set the ownership for them.

  2. Optional: In the Set Ownership dialog, from Organization, select an organization.
  3. To assign individual owners, enter the login name or the email address of a user and click Add.

    The first owner you add is automatically assigned as primary owner.

    If you didn't select an organization in the previous step, when you assign ownership to one or more organization members, their organization is automatically selected. If the assigned users belong to multiple organizations, the first organization of the first user is selected, but you can change this assignment.

  4. To add more owners, enter additional login names or email addresses and click Add.
  5. (Optional) To assign an IT contact, select an owner in the list and click Assign IT Contact.
  6. (Optional) To change the primary owner, select an owner in the list and click Assign Primary Owner.
  7. Click OK.

Assigning ownership to multiple services

Access through:

Views menu > Inventory > Infrastructure, Applications, or Storage

Available to:

Administrator and All Operator Levels of Access Rights

If you want to assign ownership to many services, you can select an infrastructure element in Commander and assign ownership for all of its child elements. The ownership of the child elements can be assigned to an organization and/or one or more users or groups.

You can assign ownership to the children of the following infrastructure elements:

  • Managed system
  • Managed Kubernetes cluster
  • Datacenter
  • Compute cluster
  • Resource pool
  • Folder
  • Region
  • Virtual network
  • GCP project
  • GCP organization
  • GCP zone

When you assign ownership to the children of a managed Kubernetes cluster:

  • it's only applied to its deployed child resources (that is, those displayed under the Applications tree).
  • the cluster's three standard namespaces, "default", "kube-public", and "kube-system" are excluded. To assign ownership for these namespaces, you must manually assign it for each one.

To assign ownership to the children of an infrastructure element:

  1. Select an infrastructure element in the tree, right-click and select Set Ownership on Children.
  2. In the Commands pane, click Set Ownership on Children.
  3. Optional: In the Set Ownership dialog, from Organization, select an organization.
  4. To assign individual owners, enter the login name or the email address of a user and click Add.

    If you are assigning ownership to organization members, you must also assign ownership to their organization for those organization members to have access to the services.

  5. To add more owners, enter additional login names or email addresses and click Add.

    By default, the owners you add are appended to the current list of owners. If you want to replace the existing owners instead, enable Replace existing owners.

  6. To specify that new deployed services in this level of the tree should have the same ownership, enable Automatically set ownership on new resources. (To enable this option, you must have a Superuser or Enterprise Admin role and Administrator access rights.)

    Caution: Enabling this option automatically creates a Default Ownership policy targeting the selected infrastructure. To edit default ownership policies, see Managing Policies.

  7. (Optional) To assign an IT contact, select an owner in the list and click Assign IT Contact.
  8. (Optional) To assign a primary owner, select an owner in the list and click Assign Primary Owner.
  9. Click OK.