Create approval levels for Exception Management in Configuration Compliance
Define the levels of users and user groups that are going to approve the exception requests.
Before you begin
Role required: sn_vulc.admin
Procedure
- Navigate to All > Configuration Compliance > Administration > Approval Rules.
- Select an approval rule and navigate to the Approval Configurations tab.
- Select a configuration.
- In the Approver Levels section, select an approver level.
-
On the form, fill in the fields.
Table 1. Approver Level form Field Description Name Approval level name. Required approval Select how many approvals are required for the selected level: - One approver required
- All users must approve
Active Enabled by default, signifying that the approval level is in use. Order Execution order of various configurations within a rule. For example, a configuration with an order entry of 100 runs before a configuration with an order entry of 200. Approval rule Contains the table and type details for the approval rule. This field is read-only. Approval configuration Contains the approval configurations. This field is read-only. Assign using Select an option from: - User and user group
- Approval table field
- Script
Groups Approver level group consisting of multiple users. The user must have one of the following roles for exception management and exception rules: - sn_vulc.exception_approver
- sn_vulc.read
- sn_vulc.read_auto_exception_rule
Users Edit the users listed in the groups. -
To save the changes, select Update.
Note:Prior to v13.0, the workflow process is functional if there are users only in Exception level 1. However, starting from v13.0, there must be at least one user in each level.
Prior to v13.0, in the workflow, if there was no user in the second level, the remediation task was deferred. However, v13.0 onwards, if there is no user in the second level, the approval request is automatically rejected.
Example
There can be different approval levels for remediation tasks for Linux and Windows servers.