Feature Request: Parent/child link between policies

[alexandremottier]

Is your feature request related to a problem? Please describe.
It's possible to copy policies, but not to allow parent/child inheritance.

Describe the solution you'd like
Implementation of policy inheritance: A change to a parent policy affects all child policies. For each setting in the policies, allow to inherit from the parent or force a setting.

Describe alternatives you've considered
Currently, I delete policies when a setting no longer fits and recreate a copy of the policy I want to base it on.

[sadnub]

I think the policies are in need of some rework. Some ideas I have had are only a single policy can apply to a container or agent. Inheritance could be explicitly set from within the policy as well.

Another option is being able to disable inheritance on containers and agents.

[alexandremottier]

That is a good idea.
The goal is : I'm adding a check on the root policy, so the child policies must inherit the new check, unless the child policy is configured to force a parameter.
In the case of some customers having more options than others, a check could be added to privileged customers but not on the others.
My vision of the policy is :

Root policy : no checks, no tasks, no patches
|--> Second level policy : checks, tasks and patches according to the customer contract
|--|--> The customer's policy with special parameters if needed.

Must be different policies for servers and workstations. It's possible to add another policy between root and second level policy to match the operating system.

For example :

Root servers policy
|--> Default Windows Servers Policy
|--|--> Privileged Customers Windows Server Policy
|--|--|--> Customer's servers policy

[sadnub]

Being able to block policy inheritance at the client, site, and agent level should be in the next release!

[wh1te909]

Released in 0.6.3

[alexandremottier]

Hello @wh1te909 ,
After testing, the result does not exactly match my original idea. The update does the opposite.
For my part, I wanted to allow a legacy, like Russian dolls. In my company, we have several SLA levels for our customers, each giving access to different services. The NinjaRMM monitoring tool we currently use allows us to manage one policy per SLA level, with one policy per customer, inherited from the SLA level. On the customer policy, we then add any change requirements. But if there is a change on the SLA policy, the client policies below it must incorporate the settings that have not been changed on the client.
For example, I have a 24/7 SLA policy that 150 customers (out of 400 customers) depend on. If I change a setting on this policy (e.g. change the disk space alert from 95% to 90%), I don't want to have to go through all 150 affected customer policies to change. More importantly, I want inheritance to ensure that policies whose settings have not been changed explicitly apply the update immediately.

If I take the example of our current tool, NinjaRMM, I have a policy "SRV - NORMANDIE LOGISTIQUE (ENL)" (which concerns the servers of a client) which inherits the policy "0 SRV (Default) (noAV) (noPatch)". It can be seen that all the parameters of the client policy come from the parent policy except for the "Device has not rebooted in 90 day(s)" control.
If any other parameter changes on the parent policy, for example the CPU alert reset time, the client policy will automatically have this new setting applied.

This was the purpose of my feature request...

[wh1te909]

reopening