# Policy Configurator
The Policy Configurator provides a way to globally set default values for any Policies used by any of the Report Tools in Insights. These settings make it easy to customize Insights for common policy scenarios without having to first write Automation Rules.
The Policy Configurator can be used to:
Customize the default Policy Enforcement behavior for CI/CD and Admission Controller contexts: For example, ensure workloads with
Privilege escalation should not be allowedare blocked by the Admission Controller at time of deployment, but only warn users through Action Items when they scan their infrastructure-as-code in a repository scan
Always guarantee a certain Policy enforcement action (pass or fail) regardless of Action Item severity: For example, enforce
Memory requests are setat time of Admission across your organization, while reporting it as a
Mediumseverity Action Item
Modify default Severities: Globally modify the default Severity of Action Items to better match your organization's requirements. For example, you may want to increase the severity of
Liveness probes are missingto
Check out the Policies configuration with the CLI for information on how to modify Policies.
# Using Policy Configurator with existing Automation Rules
Automation Rules are still powerful ways to make granular Policy enforcement decisions such as scoping enforcement behavior to specific namespaces or labels. However, common use cases like changing default severity or guaranteeing pass/fail Policy enforcement behavior are all achievable via the Policy Configurator without needing to write custom Automation Rules.
# Available Settings
With the new Policy Configurator, you can now override the default settings of a Policy generated by any of the tools in Insights:
|Policy Configurator Setting||Default||Description|
|Set the default severity||Defaults to the severity used in the original reporting tool||This makes it easy to change the default severity of Action Items to better align with your organization's reporting requirements|
|Blocking override for CI/CD and Admission Controller||Based on Action Item severity. ||For the CI/CD and Admission Controller contexts, you can enforce a "must always fail" or "must always pass" rule regardless of the Action Item's severity|