Enabling and Managing Patch Approval in SanerCVEM

Modified on Sun, 22 Jun at 4:24 PM

Purpose:
This article provides guidance on how to enable and configure Patch Approval within the Saner Patch Management (PM) module to control which patches can be deployed to endpoints.

Use Cases:

Enterprises requiring governance around patch deployment
Admins who want to define automated approval rules
Security teams that need tighter control over critical updates

Steps to Enable Patch Approval

Step 1: Access Patch Configuration

Log in to the Saner Console.
On the Saner PM Dashboard, click the gear icon ⚙️ to access Patch Configurations.

Step 2: Enable Patch Approval

Click the Configuration button to enable patch approval functionality.

Step 3 [Optional]: Enable Auto Patch Approval

Click Enable Auto Approval to configure automatic patch approvals.
Configure:
- Patch Group: Choose from All, Security, or Non-Security
- Patch Severity: Select from All, Critical, High, Medium, Low, or None
- Patch Released Days: Number of days after vendor release to consider for auto-approval

Step 4: Patch Cleanup Configuration

Set the number of older patch versions Saner PM should retain for rollback or backup.

Step 5 [Optional]: Enable Job Approval for Non-Approvers

Enable the Job Approvals checkbox to allow non-approver users to create jobs for already approved patches.

Step 6: Save Configuration

Click Update to save your patch approval settings.

Managing Patch Approval Access

Default Behavior:

Admins and Org Admins have patch approval access by default.
New users also get patch approval access unless marked as read-only.

To Grant Access:

In Patch Configuration > Patch Approval Access table:
Select a user and click Grant to provide approval rights.

To Revoke Access:

Select the user in the table.
Click Revoke to remove approval rights.

Additional Notes

Use the Search box to quickly find users.
Email and roles are shown alongside approval access status.
Users with patch approval can approve both patches and remediation jobs.