In this article:
Introduction - Overview of Approval Chains
General Settings - General Approval Chain settings
Further Information - Where to go for further information
Introduction
Approval Chains enable organizations to manage and control the approval process for deploying software patches and updates. The primary function of Approval Chains is to provide a flexible and customizable flow for patch deployment approvals, allowing different levels of approval based on the criticality of the patches, their impact on the environment, and the risk associated with the deployment.
Approval Chains provide a granular and configurable approach to patch approvals, allowing IT teams to define different approval stages, assign specific roles and responsibilities for each stage, set approval thresholds, and specify the duration of the approval window. In addition, Approval Chains can be used to define fallback approval roles, in case the designated approvers are unavailable or do not respond within the approval window.
Approval Chains help to ensure that patch deployments are controlled, tested, and verified before they are rolled out across the environment, minimizing the risk of errors, security breaches, and system downtime. They provide a centralized view of the approval status of patches, enabling IT teams to track the progress of the approval process and take action if needed.
General Settings
The general settings section is for basic identifiable information, Name and Description. It is also where the Approval settings can be defined.
Name: The name used to identify this Approval Chain
Description: (Optional) A description used to describe the purpose or functionality of the chain.
Automatically Approval Timed Out Patches: If this is selected, any patches that have not been approved or rejected within the timeout duration specified in the Approval Layers will be automatically approved.
Reapprove Modified Approvals: If this is selected, any approvals that are modified by another user will require reapproval.
Approval Layers
Approval Layers are used to define the approval flow, and can be either single-stage or multi-stage. Each stage is assigned one or more security roles and can include various settings such as the required number of approvals, reminder intervals, timeouts, and fallback approval roles. These settings allow for greater control over the approval process and can help ensure that Patches are approved in a timely manner.
To add a set of approvers, select the Create Approval Layer button.
Next, click Add Roles and select one or more roles that contain the administrators that you would like to request approval from.
In addition to selecting the roles, the following options are available:
- Unanimous Approval Needed: select this option if you require every administrator in the selected role(s) to approve the patches before they will be deployed. If this option is selected, the next option is ignored and made unavailable for modification.
- Number of Approvals Needed: if unanimous approval is not selected then this option can be used to enforce a specific number of approvals needed to complete the respective approval layer. E.g. if the role contains 10 users and the number of approvals is set to 2, then any 2 out of the 10 approvers can approve the request and complete the approval layer. Be mindful to ensure that the number of approvals needed is less than the total number of approvers in the selected role(s).
- Backup Roles: Additional roles can be optionally added to serve as backup/fallback roles. If the main approvers do not approve the request within the timeout duration, the request can fall back to the backup approvers. E.g. if the main approvers are on out of the office for a period of time and are not available to process the request, it can fall back to a team of backup administrators, to prevent the deployment getting stuck.
- Reminder Intervals: Select 'Manage Reminder Intervals' to add reminder intervals for different urgency updates. If patches haven't been approved within the reminder interval, a notification will be sent to remind the administrator to approve or reject the request. For each urgency, if the values are all set to 0, then no reminder will be sent. E.g. it may be appropriate to send a reminder for critical and high urgency patches, but not for medium or low urgency patches.
- Approval Timeouts: Select 'Manage Approval Timeouts' to set timeout intervals for different urgency updates. If backup roles have been specified, the request will be sent to the backup approvers after the timeout period has elapsed. If backup roles have not been specified, the approval layer will time out, and the behaviour will be governed by the Automatically Approve Timed Out Patches setting in the General Settings section.
Additional Roles and Administrators can be added through the Security menu within the general settings.
To access this menu, select it from the cog icon in the top-right corner of the main UI:
Communication Providers
Communication Providers dictate which methods are used to send the requests for approval.
These include E-Mail, Microsoft Teams, SMS/Text Messaging, and WhatsApp. Additional Communication Providers can be created leveraging Adaptiva Workflows that can be integrate into other systems, or add additional logic or controls.
Further Information
For further information, please see the other resources in the Technical Reference Library or speak to a member of Adaptiva Support.
If you experience any issues or suspect there is a bug in Approval Chains, please log a support ticket and a member of the Adaptiva support team will be touch as soon as possible.
Comments
0 comments
Please sign in to leave a comment.