Using action approval

Some organizations implement two-person integrity, which means that actions a user initiates cannot run until another user approves those actions. Approvers can be users with the full Administrator role or users with the special action approval role. If your organization allows exceptions to approval requirements, you can assign a bypass approval role.

Create an action approver role

  1. Go to Permissions > Roles.
  2. Create an advanced role that grants Approve Action permission on the content sets you specify.
  3. Save the configuration.

Create a bypass action approval role

  1. Go to Permissions > Roles.
  2. Create an advanced role that grants Bypass Action Approval permission on the content sets you specify. Actions created by a user with this permission are not subject to approval requirements.
  3. Save the configuration.

Assign the action approval and bypass roles to users

  1. Go to Administration > Users.
  2. Click the row for a user and click Edit.
  3. Assign one of the roles you created for action approvers or users who can bypass action approval.
  4. Save the configuration.

Enable or disable action approval

  1. Go to Administration > Global Settings.
  2. Select the require_action_approval setting and click Edit.
  3. Change the setting value to 1 (enable) or 0 (disable), and click Save.

If you disable action approval, actions pending approval cannot be completed. To avoid this, ask your approver to clear the list of actions pending approval before disabling the feature. Alternatively, review the actions on the Actions > Action History page and reissue actions as necessary for the desired results.

Review the All Pending Approval grid

When action approval is enabled, users with the Administrator reserved role can display the Actions > All Pending Approval page. The page is filtered to show the backlog of actions that are waiting for approval, but otherwise it has the same fields and action buttons as the Actions > Scheduled Actions page (see Administer scheduled actions).

Figure  1:  All Pending Approval page

Approve pending actions

  1. Log in as a user with the Administrator role or an action approver role. The Tanium Console displays the number of actions requiring approval.
  2. Go to Actions > Actions I Can Approve.

    You can use text filters and row sorting to find actions that you want to review.

  3. Select the action you want to approve and click Approve.
  4. Review the action configuration and click Approve Action.
  5. Enter your password to complete the approval.

Approval of a scheduled action remains in force until the schedule ends or someone modifies the scheduled action configuration.

Last updated: 5/3/2019 8:37 AM | Feedback