Hierarchical policies in SuperOps.ai has four distinct levels through which policies can be deployed:
Policies can be differentiated based on:
who the client is
locations/sites the MSPs support for a client
What more? MSPs can have a unique policy for servers as opposed to a workstation.
The approval statuses include:
Approve, which automatically approves and executes patches
Manual, which executes patches after manual approval
Reject, which does not execute the patch
Defer, which delays the deployment of a patch for a period of time
How does defer patching help?
If you have a new set of patches that you'd like to test for stability and performance, you can defer these patches before you're confident about deploying them on your client's assets at scale. Click here to learn how to set up deferred patching.
You can view all the patches under the ‘All patches’ section in the Asset pane.
All patches seen under ‘All Patches’ view are the ones that were defined globally (i.e, without client, site or asset hierarchies).
If the global patches are set to be manually approved, the ‘Approval Status’ column in the ‘All patches’ section shows either Approve or Reject. This will help the technician decide what needs to be done.
If there's a site level policy and the technician approves a policy from the ‘All Patches’ view, this manual override is carried forward to the site level patches as well (even if the site level policy is set to execute automatically). Simply put, you can manually override site level policies.
In this case, an option to ‘Reject’ a patch is also shown although the patch is approved because that is a cue to not auto execute that patch in the future.
If the technician prefers to view site level patches that are auto approved, they can apply filters on the ‘All Patches’ view to see the respective approved patches.
If you would like all patches to be auto-approved, make sure to set up the global policy to ‘Approve’ on all counts.