Add an exception approver for Configuration Compliance

  • Release version: Xanadu
  • Updated August 1, 2024
  • 2 minutes to read

    • Add users to the approver groups so that you can request an exception for a remediation task in Configuration Compliance.

    Before you begin

    Role required: sn_vulc.admin

    About this task

    An exception request for a remediation task is approved using the default two-level approval workflow. Adding users to the first-level group is mandatory. If there are no users in the second level, the request is automatically approved after the first-level approval.
    Note:
    If there's no first-level approver, an exception can't be requested.
    Note:
    Upto Configuration Compliance v13.0, if there's no first-level approver, an exception can't be requested. However, starting from Configuration Compliance v13.0, if you are deploying the CC application for the first time, the flow designer for exception management is enabled by default. If you are already using the workflow, you can update to the flow designer. In both cases, you cannot change it back to workflow.

    Procedure

    1. Navigate to All > System Security > Users and Groups > Groups.
    2. In the Name column, search for Exception, and click Exception Approver - Level 1 CC.
      Note:
      Starting from Configuration Compliance v14.7.5, you can use the system properties provided in the base system for exception approvals via workflow in the System Properties [sys_properties] table. So, when an exception request is raised via workflow, it’s sent for approval to the group IDs defined in the system property. Navigate to All > System Properties and select sn_vulc.exception_approver_L1_CC or sn_vulc.exception_approver_L2_CC to change the property value.
    3. On the Group Exception Approver - Level 1 CC form, navigate to Group Members > New (or Edit).
    4. On the form, fill in the fields.
      Table 1. User form
      Field Description
      User ID Unique identifier for the user.
      First name User's first name.
      Last name User's last name.
      Title User's job title. Enter a title or job description, or select one from the list.
      Department User's department.
      Password Password assigned to the user. This password can be permanent or temporary.
      Password needs reset Option to enable the user to reset the password to ensure security.
      Locked out Option to lock the user out of the instance and terminate all the user's active sessions. The system prevents users with the admin role from locking themselves out.
      Active Option to make this user active. Only you can see an inactive user in these areas:
      • Lists of users
      • Selection list on reference fields (magnifying glass icon)
      • Auto-complete list that appears when you type into a reference field
      Web service access only Option to designate this user as a non-interactive user.
      Internal Integration User Option to designate this user as an internal integration user.
      Email User's email address.
      Language User's preferred language.
      Calendar integration Calendar used to manage the work schedule. For example, Outlook.
      Time zone Time zone for this user's location.
      Date format User's preferred format for dates.
      Business phone User's business phone.
      Mobile phone User's mobile phone.
      Photo Photo that you can upload by clicking on Click to add....
    5. Click Submit.
    6. Optional: Repeat steps 1–5 to create an Exception Approver - Level 2 CC.
      Note:
      While creating a second level approver, select Exception Approver - Level 2 CC
    7. Optional: If you select Edit, move users from the Collection to the Group Members panel and click Save.
      The approver must navigate to All > Configuration Compliance > My Approvals and approve requests.