All Products
Search
Document Center

Data Management:Customize approval processes

Last Updated:Jan 24, 2024

In Data Management (DMS), approval processes are associated with security rules. If the ticket approval templates of DMS do not meet your business requirements, you can customize approval processes. This topic describes how to create a custom approval template and apply the approval template to a security rule.

Prerequisites

  • You are a database administrator (DBA) or a DMS administrator. For more information, see View system roles.

  • The database instance for which you want to customize approval processes is managed in Security Collaboration mode.

Usage notes

  • Each database instance can be associated with only one security rule. The security rule can be the default rule or a custom rule.

  • If only one approver is specified for an approval node, the approval result may be inaccurate or delayed. To prevent this issue, we recommend that you specify at least two approvers for an approval node.

  • DMS allows you to configure instance-level security rules so that you can customize different approval processes for different database instances or databases. However, instance-level security rules may have the following restrictions in the actual business environment:

    • Each database instance has only one DBA. If you specify the DBA as the approver of an approval process, the approval process may be delayed if the DBA cannot respond in time.

    • If multiple business units share the same database in a database instance, each business unit may want to approve only the tickets for their respective business operations. However, the current instance-level security rules do not allow you to implement this type of approval process.

Procedure

Step 1: Create an approval node

  1. Log on to the DMS console V5.0.
  2. In the top navigation bar, choose Security and Specifications > Approval Processes.

    Note

    If you are using the DMS console in simple mode, you can move the pointer over the 2023-01-28_15-57-17 icon in the upper-left corner of the console and choose All functions > Security and Specifications > Approval Processes.

  3. On the Approval Processes page, click the Approval Node tab. On the Approval Node tab, click Create Approval Node. In the dialog box that appears, configure the parameters that are described in the following table.

    Parameter

    Required

    Description

    Node Name

    Yes

    The name of the approval node. You can set the name to the role of the approver that you want to specify for the approval node. Example: test leader or database owner.

    Remarks

    Yes

    The description of the approval node.

    Approver

    Yes

    The user that you want to specify as an approver for the approval node. You can specify one or more approvers. If one of the approvers approves a ticket, the ticket is approved.

  4. Click Submit.

Step 2: Create an approval template

  1. On the Approval Processes page, click the Approval Template tab.

  2. On the Approval Template tab, click Create Approval Template. In the dialog box that appears, configure the parameters that are described in the following table.

    Parameter

    Required

    Description

    Template Name

    Yes

    The name of the approval template. Example: Owner or DBA.

    Remarks

    Yes

    The description of the approval template.

    Approval Node

    Yes

    Click Add Node. In the Add Approval Node dialog box, find the approval nodes that you want to use and click Select in the Actions column. In this example, the system node Owner and the approval node that is created in Step 1 are selected to allow multiple roles to participate in an approval process.

    Note

    The approval process is implemented based on the values of the Approval Order parameter in ascending order.

  3. Click Submit.

  4. After the approval template is created, you can view the ID of the approval template on the Approval Template tab. Copy the template ID.

Step 3: Apply the approval template to a security rule

  1. In the top navigation bar of the DMS console, choose Security and Specifications > Security Rules.

    Note

    If you are using the DMS console in simple mode, move the pointer over the 2023-01-28_15-57-17 icon in the upper-left corner and choose All functions > Security and Specifications > Security Rules.

  2. On the Security Rules page, find the security rule that you want to manage.

    You can go to the homepage of the DMS console. In the left-side navigation pane, right-click the database instance that you want to manage and select View Details. In the dialog box that appears, view the security rule that is applied to the database instance.

  3. Click Edit in the Actions column to go to the details page of the security rule.

  4. Click the SQL Correct tab.

  5. On the SQL Correct tab, select Risk Approval Rules as the checkpoint. Find the rule that you want to manage and click Edit in the Actions column.

  6. In the Change Rule - SQL Correct dialog box, change the template ID that is displayed in the Rule DSL field. Replace the original template ID with the new template ID.

  7. Click Submit.

Step 4: Verify that the security rule is associated with the database instance

The custom ticket approval template takes effect only if the security rule is associated with the database instance.

Example

This section provides an example on how to specify two approvers in an approval process and use the approval process to approve tickets for data import.

  1. Log on to the DMS console. In the top navigation bar, choose Security and Specifications > Approval Processes.

  2. On the page that appears, click the Approval Node tab and create two approval nodes, which are db_doc and dmsuser.

  3. Click the Approval Template tab. On the Approval Template tab, click Create Approval Template. In the Create Approval Template dialog box, configure the Template Name and Remarks parameters.

  4. Click Add Node. In the Add Approval Node dialog box, select db_doc and dmsuser in sequence, and then click Submit.

  5. After the approval template is created, you can view the ID of the approval template on the Approval Template tab. Copy the template ID.

  6. Apply the new approval template to the security rule that is applied to a database instance.

    Note

    In this example, the rule that is applied to medium-level risk approval processes is used.

    1. In the top navigation bar of the DMS console, choose Security and Specifications > Security Rules.

    2. On the Security Rules page, find the security rule that is applied to the database instance and click Edit in the Actions column.

    3. Click the SQL Correct tab.

    4. On the SQL Correct tab, select Risk Approval Rules as the checkpoint. Find the rule that is applied to medium-level risk approval processes and click Edit in the Actions column.

    5. In the Change Rule - SQL Correct dialog box, change the template ID that is displayed in the Rule DSL field. For example, replace the original template ID 1596838 with the new template ID 3070327.

    6. Click Submit. Then, enable the rule that is applied to medium-level risk approval processes.

  7. Associate risk approval rules with risk identification rules.

    To use the custom approval process to approve tickets for data import, you must configure risk identification rules to specify the data import operations that are performed on online databases in a production or staging environment as a medium-level risk.

  8. Check whether the custom approval process takes effect. In this example, a ticket for data import is submitted.

    If the approval progress displayed in the Approval Details message is consistent with the approval nodes in the approval template applied to the custom approval process, the custom approval process takes effect.

Suggestions

  • After you customize a ticket approval process, you can perform the following operations:

    • Submit a ticket such as database export to test whether the approval process works as expected.

    • Configure the methods used to receive ticket approval notifications for users who are added to DMS, such as text message, DingTalk, and email. For more information, see Manage users.

  • If you have questions about custom approval processes, join the DingTalk group (ID 21991247) to contact the DMS team.

FAQ

Q: How do I specify different approvers for different databases?

A: You can specify different resource owners for different databases and then add system node owners to the approval template.