starred/tacticalrmm
1
0
Fork 0
mirror of https://github.com/amidaware/tacticalrmm.git synced 2026-04-26 15:05:57 +03:00
Code Issues 919 Projects Releases 5 Packages Wiki Activity

[GH-ISSUE #401] Feature Request: Parent/child link between policies #245

New issue
Open
opened 2026-03-02 02:14:47 +03:00 by kerem · 6 comments
kerem commented 2026-03-02 02:14:47 +03:00
Owner
Copy link

Originally created by @alexandremottier on GitHub (Apr 16, 2021).
Original GitHub issue: https://github.com/amidaware/tacticalrmm/issues/401

Originally assigned to: @sadnub on GitHub.

Is your feature request related to a problem? Please describe.
It's possible to copy policies, but not to allow parent/child inheritance.

Describe the solution you'd like
Implementation of policy inheritance: A change to a parent policy affects all child policies. For each setting in the policies, allow to inherit from the parent or force a setting.

Describe alternatives you've considered
Currently, I delete policies when a setting no longer fits and recreate a copy of the policy I want to base it on.

Originally created by @alexandremottier on GitHub (Apr 16, 2021). Original GitHub issue: https://github.com/amidaware/tacticalrmm/issues/401 Originally assigned to: @sadnub on GitHub. **Is your feature request related to a problem? Please describe.** It's possible to copy policies, but not to allow parent/child inheritance. **Describe the solution you'd like** Implementation of policy inheritance: A change to a parent policy affects all child policies. For each setting in the policies, allow to inherit from the parent or force a setting. **Describe alternatives you've considered** Currently, I delete policies when a setting no longer fits and recreate a copy of the policy I want to base it on.
kerem commented 2026-03-02 02:14:48 +03:00
Author
Owner
Copy link

@sadnub commented on GitHub (Apr 16, 2021):

I think the policies are in need of some rework. Some ideas I have had are only a single policy can apply to a container or agent. Inheritance could be explicitly set from within the policy as well.

Another option is being able to disable inheritance on containers and agents.

<!-- gh-comment-id:821575847 --> @sadnub commented on GitHub (Apr 16, 2021): I think the policies are in need of some rework. Some ideas I have had are only a single policy can apply to a container or agent. Inheritance could be explicitly set from within the policy as well. Another option is being able to disable inheritance on containers and agents.
kerem commented 2026-03-02 02:14:48 +03:00
Author
Owner
Copy link

@alexandremottier commented on GitHub (Apr 16, 2021):

That is a good idea.
The goal is : I'm adding a check on the root policy, so the child policies must inherit the new check, unless the child policy is configured to force a parameter.
In the case of some customers having more options than others, a check could be added to privileged customers but not on the others.
My vision of the policy is :

Root policy : no checks, no tasks, no patches
|--> Second level policy : checks, tasks and patches according to the customer contract
|--|--> The customer's policy with special parameters if needed.

Must be different policies for servers and workstations. It's possible to add another policy between root and second level policy to match the operating system.

For example :

Root servers policy
|--> Default Windows Servers Policy
|--|--> Privileged Customers Windows Server Policy
|--|--|--> Customer's servers policy

<!-- gh-comment-id:821582147 --> @alexandremottier commented on GitHub (Apr 16, 2021): That is a good idea. The goal is : I'm adding a check on the root policy, so the child policies must inherit the new check, unless the child policy is configured to force a parameter. In the case of some customers having more options than others, a check could be added to privileged customers but not on the others. My vision of the policy is : Root policy : no checks, no tasks, no patches |--> Second level policy : checks, tasks and patches according to the customer contract |--|--> The customer's policy with special parameters if needed. Must be different policies for servers and workstations. It's possible to add another policy between root and second level policy to match the operating system. For example : Root servers policy |--> Default Windows Servers Policy |--|--> Privileged Customers Windows Server Policy |--|--|--> Customer's servers policy
kerem commented 2026-03-02 02:14:48 +03:00
Author
Owner
Copy link

@sadnub commented on GitHub (Apr 25, 2021):

Being able to block policy inheritance at the client, site, and agent level should be in the next release!

<!-- gh-comment-id:826209053 --> @sadnub commented on GitHub (Apr 25, 2021): Being able to block policy inheritance at the client, site, and agent level should be in the next release!
kerem commented 2026-03-02 02:14:49 +03:00
Author
Owner
Copy link

@wh1te909 commented on GitHub (Apr 27, 2021):

Released in 0.6.3

<!-- gh-comment-id:827354654 --> @wh1te909 commented on GitHub (Apr 27, 2021): Released in 0.6.3
kerem commented 2026-03-02 02:14:49 +03:00
Author
Owner
Copy link

@alexandremottier commented on GitHub (Apr 29, 2021):

Hello @wh1te909 ,
After testing, the result does not exactly match my original idea. The update does the opposite.
For my part, I wanted to allow a legacy, like Russian dolls. In my company, we have several SLA levels for our customers, each giving access to different services. The NinjaRMM monitoring tool we currently use allows us to manage one policy per SLA level, with one policy per customer, inherited from the SLA level. On the customer policy, we then add any change requirements. But if there is a change on the SLA policy, the client policies below it must incorporate the settings that have not been changed on the client.
For example, I have a 24/7 SLA policy that 150 customers (out of 400 customers) depend on. If I change a setting on this policy (e.g. change the disk space alert from 95% to 90%), I don't want to have to go through all 150 affected customer policies to change. More importantly, I want inheritance to ensure that policies whose settings have not been changed explicitly apply the update immediately.

image

If I take the example of our current tool, NinjaRMM, I have a policy "SRV - NORMANDIE LOGISTIQUE (ENL)" (which concerns the servers of a client) which inherits the policy "0 SRV (Default) (noAV) (noPatch)". It can be seen that all the parameters of the client policy come from the parent policy except for the "Device has not rebooted in 90 day(s)" control.
If any other parameter changes on the parent policy, for example the CPU alert reset time, the client policy will automatically have this new setting applied.

This was the purpose of my feature request...

<!-- gh-comment-id:829485993 --> @alexandremottier commented on GitHub (Apr 29, 2021): Hello @wh1te909 , After testing, the result does not exactly match my original idea. The update does the opposite. For my part, I wanted to allow a legacy, like Russian dolls. In my company, we have several SLA levels for our customers, each giving access to different services. The NinjaRMM monitoring tool we currently use allows us to manage one policy per SLA level, with one policy per customer, inherited from the SLA level. On the customer policy, we then add any change requirements. But if there is a change on the SLA policy, the client policies below it must incorporate the settings that have not been changed on the client. For example, I have a 24/7 SLA policy that 150 customers (out of 400 customers) depend on. If I change a setting on this policy (e.g. change the disk space alert from 95% to 90%), I don't want to have to go through all 150 affected customer policies to change. More importantly, I want inheritance to ensure that policies whose settings have not been changed explicitly apply the update immediately. <img width="1440" alt="image" src="https://user-images.githubusercontent.com/40338703/116599128-f4c06400-a927-11eb-8d25-acb59fd3be4d.png"> If I take the example of our current tool, NinjaRMM, I have a policy "SRV - NORMANDIE LOGISTIQUE (ENL)" (which concerns the servers of a client) which inherits the policy "0 SRV (Default) (noAV) (noPatch)". It can be seen that all the parameters of the client policy come from the parent policy except for the "Device has not rebooted in 90 day(s)" control. If any other parameter changes on the parent policy, for example the CPU alert reset time, the client policy will automatically have this new setting applied. This was the purpose of my feature request...
kerem commented 2026-03-02 02:14:49 +03:00
Author
Owner
Copy link

@wh1te909 commented on GitHub (Apr 30, 2021):

reopening

<!-- gh-comment-id:830464099 --> @wh1te909 commented on GitHub (Apr 30, 2021): reopening
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
develop
master
1.0.0
v1.4.0
v1.3.1
v1.3.0
v1.2.0
v1.1.0
v1.0.0
v0.20.1
v0.20.0
v0.19.4
v0.19.3
v0.19.2
v0.19.1
v0.19.0
v0.18.2
v0.18.1
v0.18.0
v0.17.5
v0.17.4
v0.17.3
v0.17.2
v0.17.1
v0.17.0
v0.16.5
v0.16.4
v0.16.3
v0.16.2
v0.16.1
v0.16.0
v0.15.12
v0.15.11
v0.15.10
v0.15.9
v0.15.8
v0.15.7
v0.15.6
v0.15.5
v0.15.4
v0.15.3
v0.15.2
v0.15.1
v0.15.0
v0.14.8
v0.14.7
v0.14.6
v0.14.5
v0.14.4
v0.14.3
v0.14.2
v0.14.1
v0.14.0
v0.13.4
v0.13.3
v0.13.2
v0.13.1
v0.13.0
v0.12.4
v0.12.3
v0.12.2
v0.12.1
v0.12.0
v0.11.3
v0.11.2
v0.11.1
v0.11.0
v0.10.5
v0.10.4
v0.10.3
v0.10.2
v0.10.1
v0.10.0
v0.9.2
v0.9.1
v0.9.0
v0.8.5
v0.8.4
v0.8.3
v0.8.2
v0.8.1
v0.8.0
v0.7.2
v0.7.1
v0.7.0
v0.6.15
v0.6.14
v0.6.13
v0.6.12
v0.6.11
v0.6.10
v0.6.9
v0.6.8
v0.6.7
v0.6.6
v0.6.5
v0.6.4
v0.6.3
v0.6.2
v0.6.1
v0.6.0
v0.5.3
v0.5.2
v0.5.1
v0.5.0
v0.4.32
v0.4.31
v0.4.30
v0.4.29
v0.4.28
v0.4.27
v0.4.26
v0.4.25
v0.4.24
v0.4.23
v0.4.22
v0.4.21
v0.4.20
v0.4.19
v0.4.18
v0.4.17
v0.4.16
v0.4.15
v0.4.14
v0.4.13
v0.4.12
v0.4.11
v0.4.10
v0.4.9
v0.4.8
v0.4.7
v0.4.6
v0.4.5
v0.4.4
v0.4.3
v0.4.2
v0.4.1
v0.4.0
v0.3.3
v0.3.2
v0.3.1
v0.3.0
v0.2.23
v0.2.22
v0.2.21
v0.2.20
v0.2.19
v0.2.18
v0.2.17
v0.2.16
v0.2.15
v0.2.14
v0.2.13
v0.2.12
v0.2.11
v0.2.10
v0.2.9
v0.2.8
v0.2.7
v0.2.6
v0.2.5
v0.2.4
v0.2.3
v0.2.2
v0.2.1
v0.2.0
v0.1.8
v0.1.7
v0.1.6
v0.1.5
v0.1.4
v0.1.3
v0.1.2
v0.1.1
v0.1.0
Labels
Clear labels   
In Process

   
bug

   
bug

   
dev-triage

   
documentation

   
duplicate

   
enhancement

   
fixed

   
good first issue

   
help wanted

   
integration

   
invalid

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
requires agent update

   
security

   
ui tweak

   
wontfix
No labels
In Process
bug
bug
dev-triage
documentation
duplicate
enhancement
fixed
good first issue
help wanted
integration
invalid
pull-request
question
requires agent update
security
ui tweak
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/tacticalrmm#245
No description provided.