Create configurations for an approval rule

릴리스 버전: Australia

업데이트 날짜 2026년 03월 12일

소요 시간: 6분

Define the conditions to filter out matching vulnerable items, remediation tasks, or exception rules for an approval level.

시작하기 전에

Role required: sn_vul.vulnerability_admin

이 태스크 정보

In the Approval Configurations module, you can configure multiple levels of approval for different configurations. Define condition-based rules, with each rule containing multiple levels of approval.

주:

Use the Approval rules module to configure approval rules for the exception management workflows. For information on configuring approval rules, see Configure approval rules for Exception Management.

프로시저

Navigate to All > Vulnerability Response > Administration > Approval Rules.
Select an approval rule and navigate to the Approval Configurations tab.
Select a configuration.

On the form, fill in the fields.

표 1. Approval Configuration form
Field	Description
Name	Approval configuration name.
Approval rule	Contains the table and type details for the approval rule.
Order	Execution order of various configurations within a rule. For example, a configuration with an order entry of 100 is run before a configuration with an order entry of 200.
Active	Enabled by default, signifying that the approval configuration is in use.
Description	Short description of the approval configuration levels.

Set a condition for the vulnerable items or remediation tasks in one of the following ways:


Field	Description
Condition	Identifies the matching vulnerable items or remediation tasks.
Advanced condition	Script that defines the condition for the vulnerable items or remediation tasks. 주: This field appears when you select the Advanced check box.

Select Update.
You can define conditions containing multiple levels of approval within a rule. The flow designer automatically inherits the rules created in this module and processes the matching approval workflow. For information on configuring approval levels, see Create approval levels for Exception Management.

예

You can define different approval paths for:

Example 1: Different types of vulnerabilities or configuration items (internet facing or internal).
Example 2: Deferral and risk reduction requests when a remediation owner raises these requests concurrently for host vulnerable items (VITs) or remediation tasks (VUL).
The Change Approval column holds the deferral state change approval records. When you set a condition on the Change approval column using the condition builder, the deferral approval record is considered but not the risk reduction approval record. So, to set the condition on the risk reduction state change approval record, use the Advanced condition field.
For the Exception request for vulnerable items approval rule, the Request for risk rating from Medium to Low approval configuration is shipped with the base system. This configuration is set to false by default. You can use this configuration to set an approval path for the risk reduction requests from Medium to low. You can also update the script in this configuration so that it is applicable for various risk rating changes in the risk reduction requests.
Request for risk rating from Medium to Low configuration:
```
function evaluate() {
    var gr = new GlideRecord("sn_vul_change_approval");
    gr.addQuery("sys_id", approval);
    gr.addQuery("current_value", "3 - Medium");
    gr.addQuery("desired_value", "4 - Low");
    gr.query();
    if (gr.next()) {
        return true;
    }
    return false;
}
evaluate();
```
Set the preceding configuration to true with lowest order and set the Default configuration - Exception request for VI configuration to true.
Result: When a remediation owner raises a deferral and risk reduction requests concurrently from the IT Remediation Workspace, the deferral approval requests are redirected to the approvers defined in the Default configuration - Exception request for VI and the risk reduction approval requests are redirected to the approvers defined in the Request for risk rating from Medium to Low configuration.