You must have the Administrator, Exception Manager, or Exception Approval Manager role.
Secure Configuration Manager categorizes the exceptions according to their current approval status:
Approved
Needs approval
Disapproved
If exceptions are not required to be approved, then Secure Configuration Manager automatically places exceptions in the Approved category.
For each exception, you can review its purpose or reason for use, who created or last modified it, and the affected endpoints, groups, or security checks. You can also determine how the exception was created: from within a report or using the batch method.