Approval workflows
At a glance
Approvals let you require human validation before any sensitive operation on your data. Define configurable policies (resource type, operation, number of approvers) and track each request from creation to resolution.
Before you begin
- You must have the Administrator role or the
governance.adminscope to create policies. - The
governance.approvescope is required to approve or reject a request. - The relevant entity types must exist in your ontology.
Steps
Create an approval policy
- Open the Governance module from the sidebar.
- Select the Approvals tab.
- Click New policy.
- Configure the parameters:
| Parameter | Description | Example |
|---|---|---|
| Resource type | The type of object concerned. | Instance, Entity type, Pipeline |
| Operation | The action that triggers the approval. | Create, Modify, Delete |
| Required approvals | The minimum number of validations. | 2 |
| Approver roles | The roles authorized to validate. | Manager, Admin |
| Self-approval | Can the requester self-approve? | No (recommended) |
| Conditions | Optional trigger criteria. | Number of instances > 10 |
- Click Save to activate the policy.
Submit a request
When a policy is active, any covered operation automatically generates an approval request:
- The user performs the operation (e.g., delete an instance).
- The operation is put on hold instead of being executed.
- Approvers receive a notification.
- The request appears in the Pending queue.
Process a request
- Open the Approvals tab of the Governance module.
- Check the Pending queue.
- Click on a request to view the details:
- Who requested the operation and when
- Which operation is involved
- On which data
- Choose an action:
- Approve — validates the operation (with optional comment)
- Reject — refuses the operation (comment required)
tip
If the quorum requires 2 approvals, the first validation moves the request to "In progress" status. The operation is only executed after the second approval.
Cancel a request
The requester can cancel their own request as long as it has not been fully approved.
Expected result
Your sensitive operations are protected by a validation workflow. Each request is traced with its complete history (who requested, who approved/rejected, when, why).
Limitations and common errors
| Situation | Solution |
|---|---|
| "Access denied" when creating a policy | Verify that your role has the governance.admin scope. |
| The request remains stuck in pending | The quorum has not been reached. Contact the designated approvers. |
| A policy does not trigger | Verify that the resource type and operation match exactly. |
| "Self-approval not allowed" | The policy prohibits the requester from validating their own request. Another approver must intervene. |
Need help?
Contact us: Support and contact.