Ownership
Ownership is a core use case of Cortex, as many organizations seek to establish clear ownership of services, data, and other entities.
Services, domains, and other entities should be owned within Cortex to ensure appropriate action can be driven using Scorecards and Initiatives.
Ownership also drives which users will receive notifications from Cortex, including alerts for on-call changes, when verification is needed on an assigned entity, when an entity is re-evaluated and its Scorecard changes, and more.
When viewing an entity, the owner(s) appear in the metadata bar at the top of the page:
Click into the team name to view the team's entity page, including a list of members and a list of entities owned by that team.
Before setting ownership, you must create or import the teams and users who will be defined as owners for your entities.
Defining owners for entities
You can define owners based on:
- A team
- We recommend setting up teams as owners. If you link a
groupin your YAML file from a different platform (such as Okta), the members of the team will be automatically updated in Cortex if anyone leaves your organization and is removed from your integrated identity provider.
- We recommend setting up teams as owners. If you link a
- A user email address
You can define owners via the entity descriptor YAML or directly in the Cortex UI.
- Cortex UI
- Entity descriptor
- In Cortex, navigate to Catalogs > All entities.
- Search for and select the entity whose ownership you want to edit.
- On the left side of the entity's page, click Owners.
- On the Owners page for the entity, click Add team or Add user.
- Add team:
- Select a team from the dropdown menu, then click Add.
- Add user:
- Select a user from the dropdown menu, then click Add.
- You can also add a user who is not listed in Cortex. To do this, enter an email address into the Email address field, then click Add.
- Add team:
The x-cortex-owners field allows you to define a list of owners of type email or group.
x-cortex-owners:
# Groups can be pulled from various integrations
- type: group
name: my-team
provider: CORTEX
description: This is a description for this owner # optional
- type: email
email: user@example.com
description: This is a description for this owner # optional
Cortex recognizes groups from the following integrations:
The value of provider is the name of the integration that the group is coming from. The available list is:
- ACTIVE_DIRECTORY
- AZURE_DEVOPS
- BAMBOO_HR
- CORTEX: Use when referring to a team defined in Cortex; these teams do not map to identities from a connected integration.
- GITHUB
- GITLAB
- OKTA
- OPSGENIE
- SERVICE_NOW
- WORKDAY
name is a case-sensitive field that refers to the following:
- if your provider is
CORTEX,namecorresponds to thex-cortex-tagfor the Cortex team you want to identify as an owner - otherwise,
namecorresponds to the upstream identifier of your owner from your integration
View entities owned by all teams within a hierachy
Teams can exist within hierarchies. You can view a list of all entities that are owned by the parent team and all children teams in the hierarchy:
- Navigate to the parent team's page in Cortex.
- Click the Filter icon in the upper right corner.
- In the filter modal, toggle ON the setting for Include inherited children.
- Click Save filters.
The list will now display all entities owned by the parent and its children teams. Note that this setting does not persist when you navigate away from the page.
Read more about hierarchies in Setting up a team hierachy.
Automatic discovery for AWS
Cortex can automatically discover ownership for your AWS resources using their owner tag. To enable this, make sure that your AWS resources have an owner tag matching the x-cortex-tag of the corresponding Cortex team and enable the Sync ownership from AWS toggle in Settings > AWS.
You can pull in all resources from AWS, and Cortex syncs those owners automatically based on their tags in AWS, allowing you to easily keep the resource owners up to date.
We sync ownership from AWS every day at 6 am UTC.
Viewing entity ownership
View your owned entities
To see a list of entities you own, navigate to Catalogs > All entities then click the "Mine" tab:
View a team's owned entities
You can filter the entity list by owner:
- Under Catalogs > All entities, click the "All entities" tab.
- In the upper right corner, click the Filter icon. In the modal that appears, scroll to the Team field and select one or more teams.
- Click Save filters.
Ownership settings in Cortex
Under Settings > Entities, there are several settings relating to teams. Read more about these in the Teams documentation.