Hierarchical policies in SuperOps.ai has four distinct levels through which policies can be deployed:

  1. Global

  2. Client

  3. Site

  4. Asset

Policies can be differentiated based on:

  • who the client is

  • their usage

  • locations/sites the MSPs support for a client

What more? MSPs can have a unique policy for servers as opposed to a workstation.


Hierarchical policies in SuperOps.ai are defined by the Patch Category and Patch Severity matrix.


The approval statuses include:

  • Approve, which automatically approves and executes patches

  • Manual, which executes patches after manual approval

  • Reject, which does not execute the patch

  • Defer, which delays the deployment of a patch for a period of time

How does defer patching help?

If you have a new set of patches that you'd like to test for stability and performance, you can defer these patches before you're confident about deploying them on your client's assets at scale. Click here to learn how to set up deferred patching.

You can view all the patches under the ‘All patches’ section in the Asset pane.


All patches seen under ‘All Patches’ view are the ones that were defined globally (i.e, without client, site or asset hierarchies).

  • If the global patches are set to be manually approved, the ‘Approval Status’ column in the ‘All patches’ section shows either Approve or Reject. This will help the technician decide what needs to be done.

  • If there's a site level policy and the technician approves a policy from the ‘All Patches’ view, this manual override is carried forward to the site level patches as well (even if the site level policy is set to execute automatically). Simply put, you can manually override site level policies.

  • In this case, an option to ‘Reject’ a patch is also shown although the patch is approved because that is a cue to not auto execute that patch in the future.


If the technician prefers to view site level patches that are auto approved, they can apply filters on the ‘All Patches’ view to see the respective approved patches.


If you would like all patches to be auto-approved, make sure to set up the global policy to ‘Approve’ on all counts.

Did this answer your question?