All Products
Search

This Product

    Data Management:Customize a ticket approval process

    Document Center

    Data Management:Customize a ticket approval process

    Last Updated:Feb 28, 2026

    Data Management (DMS) associates approval processes with security rules to control how database change tickets are reviewed and authorized. If the built-in ticket approval templates do not meet your business requirements, you can create a custom approval process and apply it to the security rules that govern your database instances.

    This topic walks you through creating a custom approval process, using a production database change ticket as an example.

    Overview

    Customizing an approval process involves three steps:

    1. Create an approval node -- An approval node defines *who* can approve tickets. You add one or more DMS users to each node, and a ticket passes the node when at least one of those users approves it.

    2. Create an approval template -- An approval template defines the *sequence* in which approval nodes are evaluated. Each template chains one or more nodes into an ordered approval flow.

    3. Apply the approval template to a security rule -- The template only takes effect after you bind it to a security rule associated with your database instances. This step connects the approval flow to the Rule DSL expressions that determine when the flow is triggered.

    Prerequisites

    • You are a database administrator (DBA) or a DMS administrator. For more information, see View system roles.

    • The database instance for which you want to customize an approval process is managed in Security Collaboration mode.

    Usage notes

    • Each database instance can be associated with only one security rule set. The security rule set can be the default security rule set or a custom security rule set.

    • We recommend that you specify at least two approvers in a ticket approval process. Otherwise, the approval result may be inaccurate or delayed.

    • DMS allows you to configure instance-level security rules. This means you can customize different approval processes for different database instances or databases. However, be aware of the following limitations in practice:

      • Each database instance has only one DBA. If you designate the DBA as the sole approver and the DBA is unavailable, the approval process stalls.

      • If multiple business units share the same database in a database instance, each unit may need to approve only the tickets for their own operations. Instance-level security rules do not currently support this kind of per-unit approval separation.

    Step 1: Create an approval node

    An approval node groups one or more users who are authorized to approve tickets at a particular stage in the workflow.

    1. Log on to the DMS console V5.0.

    2. Move the pointer over the 2023-01-28_15-57-17.png icon in the upper-left corner and choose All Features > Security and disaster recovery (DBS) > Approval Processes.

      Note

      If you use the DMS console in normal mode, choose Security and disaster recovery (DBS) > Approval Processes in the top navigation bar.

    3. On the Approval Processes page, click the Approval Node tab. Click Create Approval Node, and then configure the parameters in the Create Approval Node dialog box.

      In this example, two approval nodes are created:

      • Test DMS Admin -- the test DMS administrator named db_doc is specified as the approver.

      • Test User -- the test user named dmsuser is specified as the approver.

      image

      Note

      You can specify one or more approvers for an approval node. When an approval node has multiple approvers, a ticket passes the node as soon as any one of them approves it.

    4. Click Submit.

      image

    Step 2: Create an approval template

    An approval template arranges your approval nodes into a sequential flow. Tickets pass through each node in the order you specify.

    1. On the Approval Processes page, click the Approval Template tab. Click Create Approval Template, and then configure the parameters in the Create Approval Template dialog box. In this example, the template is configured as follows: image

      • Name: Test User->Test DMS Admin

      • Remarks: Define an approval process. In this approval process, tickets are approved by dmsuser and then by db_doc.

      • Node order: Test User first, then Test DMS Admin.

    2. Click Submit.

    3. After the template is created, note the template ID -- you will need it in the next step. In this example, the template ID is 4617988.

      image

    Step 3: Apply the approval template to a security rule

    In this step, you bind your custom approval template to a security rule so that the template governs ticket approvals for the associated database instances.

    Step 3a: Edit the risk approval rule

    1. Move the pointer over the 2023-01-28_15-57-17.png icon in the upper-left corner and choose All Features > Security and disaster recovery (DBS) > Security Rules.

      Note

      If you use the DMS console in normal mode, choose Security and disaster recovery (DBS) > Security Rules in the top navigation bar.

    2. On the Security Rules page, find the security rule set that you want to manage and click Edit in the Actions column.

      Expand to see how to view the security rule associated with an instance

      image

      image

    3. On the Details page of the security rule set, click SQL Correct in the left-side pane.

    4. On the SQL Correct tab, select Risk Approval Rules as the checkpoint. Find the security rule that applies to medium-level risk approval processes and click Edit in the Actions column.

      image

    5. In the Rule DSL field, replace the existing template ID with the ID of the approval template you created in Step 2. In this example, the template ID is replaced with 4617988.

      image

    6. Click Submit.

    7. On the SQL Correct tab, find the security rule and click Enable in the Actions column.

    Step 3b: Associate risk approval rules with risk identification rules

    1. Associate risk approval rules with risk identification rules.

      On the SQL Correct tab, select Risk Identification Rules as the checkpoint. Find the Production environment, default is medium risk rule and click Edit in the Actions column. In the Change Rule - SQL Correct dialog box, edit the domain-specific language (DSL) code in the Rule DSL field to apply the custom approval process to the databases of the specified environment type.

      image

      The following sample code provides an example on how to edit the DSL code in the Rule DSL field. The DSL code indicates that importing data to databases whose environment type is production is considered as an operation that may cause medium-level risks. In this case, the Test User->Test DMS Admin template is used as the approval template. 

         if
    @fac.env_type in ['product']
   then
    @act.mark_risk 'middle' 'Medium-level risk: online environment'.
   end

    Step 3c: Verify the result

    1. Verify whether the approval template is applied.

      Submit a ticket to import data to a database in the production environment. If the approval process shown in the approval dialog box matches the flow you configured, the approval template has been applied successfully. For more information, see Import data.

    What to do next

    After you set up a custom ticket approval process, configure how approvers receive ticket approval notifications. Supported notification methods include text message, DingTalk, and email. For more information, see Manage users and Configure notification by DingTalk Standard Edition, DingTalk Exclusive Edition, and Lark.

    FAQ

    Q: How do I specify different approvers for different databases?

    A: Assign different resource owners to each database. When you create an approval template, add the system node Owner as an approval node. This ensures that each database's designated owner is included in the approval flow for that database.