Administration › CA CMDB Administration › Configuration Control › Verification Policies › Create a Verification Policy

Create a Verification Policy

The Configuration Administrator creates verification policies for change verification. For example, the policy can reject specific attributes and values from a transaction, or can record the transaction to the TWA for deferred processing. For authorized source MDRs, the policy can accept the transaction unconditionally.

The Verification Policy History tab shows the audit history that displays all previous modifications made to the policy with the time and user that made the changes. The Verification Log tab shows all the CACF events associated with the policy. The Verification Log tab lists all events that have occurred for the policy. The log shows details on the affected change specifications, managed attributes, and actions when the policy was effect.

For example, the log displays the modified managed attribute and the policy history shows the category values that you specified in the policy. Verification log entries highlighted in red indicate the corresponding change specification is either Failed Verification or Manual Verification Active and require further attention by the user.

Follow these steps:

1. Click Create New.

   The Create New Verification Policy page appears.

2. Complete the Policy Description:

   Sequence

   (Unique) Specifies the numbered order to process the policy.

   Note: CACF processes policies in ascending order.

3. On the Policy Settings tab, select the appropriate Change Order alignment:

   Change Orders With Specifications

   Active if a Change Order with selection criteria matches the inbound CI and the attribute. The inbound transaction data may not match the specified change specifications. If an exact match exists between the planned value and the inbound data, the policy determines whether to close any Incidents that change verification creates automatically.

   Change Orders Without Specifications

   Active for Change Orders that do not have any change specifications defined. Indicates that CACF cannot verify the variance for the inbound CI attribute data for Change Orders that do not have change specifications.

   Rogue Insert

   Indicates that the variance is found without a matching CI or change ticket.

   Rogue Update

   Indicates that the variance is found with a matching CI, but without a matching change ticket that updates the changed attribute.

4. Select a Managed Attribute.

   Select Any Managed Attributes if the policy applies to all managed attributes.

5. Enter the appropriate patterns (Role Pattern, MDR Name Pattern, MDR Class Pattern, CI Name Pattern, Class pattern, Location Pattern), considering the following rules:
   • When you specify patterns, the MDR Name Pattern, MDR Class Patterns, and role patterns refer to the source of the data update. The other filters refer to the CI that a user updated.
   • Specify an exact string match for the inbound attribute value.

     For example, enter COHESION to return all string matching COHESION.

   • Specify an exact string matched suffixed with a wildcard (*) for the inbound attribute value. CACF only allows one asterisk at the end of the string.

     For example, enter spectrum* to match the string spectrum, and any string that starts with spectrum.

   • Specify the negative of an exact string match by prefixing the string with an exclamation point.

     For example, enter !COHESION to match any string that does not start with COHESION.

   • The MDR Name of Web Client indicates that the web interface created the source data.

   Note: Policy filters do not support embedded wildcards, such as spec*rum..

6. (Optional) Select a Priority level from the drop-down list to match the CI priority
7. (Optional) Select a Service Type from the drop-down list to match the CI Service Type.
8. Select the appropriate Update Behavior from the drop-down list:

   Allow Attribute Update

   Updates to CI attribute values are always allowed.

   Use this value when you require no attribute verification, such as when you require logging and auditing.

   Allow Update Only if Matches Change Specification

   Updates the CI attribute value only if it matches the planned value of the change specification. Otherwise, CACF rejects the update, and the change specification status sets to Failed.

   Use this selection when you enable Change Order verification.

   Always Cancel Entire Transaction

   Cancels this update and all other updated attributes during this transaction. If any matching policy cancels the entire transaction, the transaction is canceled, even if other policies allow the change.

   This value only triggers when an update occurs to a managed attribute.

   Keep Old Attribute Value

   Value rejects the inbound data.

   This value is similar to cancelling the entire transaction, but it only rejects a single attribute.

9. Select the appropriate Action:

   Write Data to TWA

   Select Always or Never. If you select Always, the incoming data is written to the TWA for later processing.

   Create Incident

   Select Yes or No to create Incidents based on this verification policy. If you select Yes, CACF creates an Incident if verification fails or a rogue update occurs.

   Incident Template

   (Optional) Select an existing template to use if CACF creates an Incident.

   Close Incident after Verification

   Automatically closes any associated Incidents with this verification policy when the data matches the Change Order and all change specifications are verified in a final state.

   Log Only Mode

   Adds a warning message to the stdlog whenever this policy would take effect.

   Note: Any higher sequenced policy governs the transaction, as if this mode policy did not exist.

10. Specify Activation and Deactivation dates when this policy is in effect, and click Save.

    The verification policy is saved.