Admin

Access the Policy Admin Page

About This Task

You can use the Policy Admin page to configure the retention settings for the execution history records of policies created using Policy Designer, and to manage API Node Credential records.
Important: You can access the Policy Admin page only if you are a member of the MI Policy Administrator security group.

Procedure

In the Applications menu, navigate to ADMIN > Application Settings > Policy Designer.
The Policy Admin page appears, displaying the Execution History Settings workspace.

Configure Execution History Retention Settings

About This Task

The Policy execution log can grow quickly and significantly impact the size of the APM database. You can control the size of the execution log by minimizing the time that the execution history is retained in the APM system and also by selecting an appropriate execution history setting for each policy.

By default,
  • The Policy Execution History records are retained for one month, after which the records are deleted automatically.
  • The automated job is scheduled to run every day.
This topic describes how to change the retention period and the time interval for the automatic job that deletes these records.
The following conditions apply when you set the retention period:
  • These settings are applicable to all types of Policies and Policy Execution History records: Errors, Warnings (Action Taken), Warnings (No Action Taken), Success (Action Taken), and Success (No Action Taken).
  • The most recent execution history of each instance associated with a Policy is retained even if it exceeds the specified retention duration.
  • The node-level execution results, that is, the details that are displayed in the design canvas when you select a record in the Execution History pane, are retained for the configured retention period. However, if indefinite retention is specified, the node-level execution results are retained for six months.
  • Depending on the number of old Policy Execution History records that exist when the retention settings are configured, it may take multiple iterations of the automated job to delete all the old execution history records.

Procedure

  1. Access the Policy Admin page.
  2. For each execution result type for which you want to change the retention period, perform the following steps:
    1. In the Execution History Settings workspace, in the Retention Period section, select Duration.
      The Duration and Every fields appear.
    2. In the Duration box, enter the duration in months for which you want to retain the records.
  3. In the Schedule for background cleanup job box, enter the following detail:
    • REPEAT INTERVAL: The repeat interval at which the automated job must run to delete old Policy Execution History records.
    • NEXT OCCURRENCE: The next occurrence date for the selected Repeat Interval.
    • START DATE: The start date to enable the job.
    • END REPEAT: The end date for the job.
    • TIMEZONE: The timezone that will be considered for running the job.
    By default, the time interval that you enter is defined in hours. However, you can select the required unit from the radio button to specify the interval in other units of time in REPEAT INTERVAL.
  4. Select Save.
    The execution history settings are configured.

About API Node Credential Records

API Node Credential records are used to store the user names, authentication types, and display names for user accounts that will be used by the system when executing API nodes in Policy Designer.

API Node Credentials can be configured to use one of the following authentication types:
  • UAA authentication is valid for user accounts that will be used to access APIs in the following modules:
    • APM Health: Alerts, Alert Templates, Analysis, Assets.
    • APM Reliability: Analytics, Cases, Case Templates.
    • Tools: CBA Dashboard, Advanced Visualization.

    When you create or update an API Node Credential using UAA authentication, you must enter the API user’s current password. The password is stored securely in AWS Secrets Manager. If the API user’s password is changed, you must update the stored password through the Policy Admin page

    As an alternative to setting up API Node Credentials for API users with UAA authentication, you can select the Policy Integration User option in the API node in Policy Designer, provided that the relevant permissions are enabled for the integration user.

  • APM authentication is valid for user accounts that will be used to access APIs in the following modules:
    • APM Health: 360 View, Asset Health Manager, Calibration Management, eLog, Rounds Designer, Rounds Data Collection, Rounds Pro Manager.
    • APM Reliability: Generation Availability Analysis, Generation Availability Analysis Wind, Production Loss Analysis, Reliability Analytics, Root Cause Analysis.
    • APM Strategy: All modules.
    • APM Integrity: All modules.
    • Tools: Advanced Search, Catalog, Data Loaders, Datasets, Errors, General Dashboards, Graphs, Maps, Metrics and Scorecards, Policy Designer, Queries, R Scripts, Reports, Teams.
    • Admin: Configuration Manager, Operations Manager, Application Settings for the modules which use APM authentication.

    When you create or update an API Node Credential using APM authentication, you must enter the user’s current password. The password not stored; it is only used to authorize permission to use that user account as an API Node Credential. If the API user’s password is changed you do not need to re-enter it through the Policy Admin page

The user accounts that you specify in API Node Credential records must have the appropriate permissions to execute the APIs that you want to use in the API node. For information on supported APIs, see the API Node documentation.

Each API Node Credential must contain a unique value for display name. This is the name that will be displayed to Policy Designer users and should be descriptive to enable them to identify the correct user for the API they want to use. Policy Designer users will only see the display name and authentication type; they will not have access to the username or password.

You can set up any number of API Node Credentials as required. For example, you might want to set up different API Node Credentials for access to different APIs.

Add API Node Credential Records

Procedure

  1. Access the Policy Admin Page
  2. Select the API Node Credentials section.
  3. Select
    The API Node User Details window appears.
  4. Enter the Display Name, Username and Password.
  5. Select the Authentication Type and then select Save.
    Note: If you want to add the logged-in user details as API Node credentials, select Add Me check box. The Username and Password fields will be disabled for editing.

    If your credentials are marked as Is Private, only you can create a new policy with the specified username entry in the API node. It is recommended to use a security user or security group if you want to secure a private user, ensuring that only you can execute the given policy.

    When accessing an existing policy with an Is Private username configured, only the logged-in user matching the Is Private entry can modify the API node. Otherwise, an error message will appear. However, you can change the username and save the policy to make changes in the API node.

Results

The credential is saved and displayed in the list of available credentials in the API Node the next time you open a new Policy Designer page.

Update API Node Credential Records

Procedure

  1. Access the Policy Admin Page
  2. Select the API Node Credentials section.
  3. In the grid, select the credential that you want to edit and then select
    The API Node User Details window appears.
  4. Update the credential information as required.
  5. Re-enter the Password.
  6. Select Save.

Results

The credential is updated.

Delete API Node Credential Records

Procedure

  1. Access the Policy Admin Page
  2. Select the API Node Credentials section.
  3. In the grid, select the credential that you want to delete and then select
    A Confirmation Dialog Box appears.
  4. Select OK.

Results

The credential is deleted. Any policies containing API nodes configured to use the credential will no longer execute successfully.