Define the policy exception approval rules
Approval rules define how policy exception requests are reviewed and approved, enabling organizations to create customized, multi-level workflows.
Before you begin
Role required: sn_compliance.manager to create the policy exception approval rules.
About this task
Approval rules enable organizations to create customized, multi-level workflows for reviewing and approving policy exception requests based on specific filter conditions. These rules support dynamic assignment of approvers and allow configuration of approval requirements at each level. Once configured, requests are automatically routed to the designated approvers, streamlining the approval process.
Procedure
- Navigate to All > Assignment and Approval Configurations > Approval Configurations.
  The GRC Approval Configurator ships with a default approval template called Policy Exception - Approval Config.
- Select Policy Exception - Approval Config.
- On the form, fill in the fields.
  Table 1. Approval Configuration form
  Field | Description
  Active | Option to enable the configuration.
  Filter Condition | Filter conditions to define when the configuration should be activated. The available values are sourced from the Policy Exception table. By default, State is set to Awaiting Approval. This is a mandatory condition. You can set other filter conditions as well. Use logical operators such as AND or OR to build complex condition sets.
  Name | Name of the approval configuration. By default, the template name is Policy Exception - Approval Config. You can change the template name.
  Domain | Functional group or role that should be associated with the approval flow.
  Priority | By default, the approval configuration is set with priority 2. Note: The approval configuration is set to priority 2 by default and should be retained to ensure that this approval triggers immediately after verification of policy exception requests.
  Applies to | Verify that the Policy exception (sn_compliance_policy_exception) option is selected.
- Add approval levels to the configuration in the Approval Levels table.
A default approval level called Approval Config - Level 1 is already set up. You can add multiple levels for the configuration. Each level can have its own rules, assigned users or groups, and triggering conditions.
- Select Verification Config - Level 1.
- On the form, change the following fields:
  Table 2. Verification Level form
  Field | Description
  Name | By default, the name provided is Approval Config - Level 1. You can retain the same name or change the name.
  Level | Keep the level as 1, as this is the first level that we are configuring.
- Select Submit.
- Add additional approval levels to the configuration by selecting New in the Approval Levels table.
  Table 3. Verification Level form
  Field | Description
  Name | Provide a name to the new level.
  Level | Assign the level.
- Select Submit.
After adding the required approval levels, add verification rules to each level.
- To add verification rules, select the configured verification level, and do the following:
- In Approval Rules, select New.
- On the form, fill in the fields.
  Table 4. Rule configuration form
  Field | Description
  Name | Name for this rule.
  Description | Description for the rule.
  Source | Source table for rule evaluation.
  Additional condition | Option to refine the source table by applying additional filters.
  Query using field | Field on the source record to query for matching approval conditions.
  Approve type | Approval type options:
    - Specific approvers: Select individual users, groups, or both as approvers directly. This option enables you to assign approvers manually without relying on dynamic or source-based logic.
    - Approver from source: Select approvers that are based on values from the source table. You can select a user field, a group field, or both to determine approvers dynamically from the source record.
    - Dynamic approvers: Define approvers dynamically using the source. Apply static or advanced dynamic conditions to filter approvers. You can select a user field, group field, or both to determine who should approve.
    - Scripted approvers: Use a script to determine the approvers programmatically. The script must populate the users and groups variables.
  Approval required from | Approval options: Select All to make it required for all the selected users to approve the exception. Select Anyone to enable a single user to approve on behalf of all approvers.
- Select Submit.