Multiple Approval Sub-Actions - Documentation topics on: four eyes principle,require multiple approvers,workflow subactions,.

Multiple Approval Sub-Actions

The “Require Multiple Approval” and “'Four Eyes' Approval” Workflow Sub-Actions allow you to require the approval of two or more users before a content item is allowed to continue within the Workflow.

The main difference between these two Sub-Actions is that the “Require Multiple Approval” Sub-Action requires that all specified users must approve the content, while the “'Four Eyes' Approval” Sub-Action allows you to choose how many of the specified users must approve the content.

Required Approvals

Both of these Sub-Actions work by requiring appropriate users to approve the content. To approve the content, users must execute the Workflow Action that the Sub-Action is included in. When an authorized user executes the Workflow Action, the appropriate Sub-Action is executed to approve the content and, if appropriate, continue processing the content.

Authorized Users

You must specify which users are authorized to approve the content within the Sub-Action (via the “User IDs, Emails, or Role Keys” parameter). To specify users, you must provide a comma-separated list which combines any of the following:

  • User IDs
  • Roles
  • Email Addresses
    • Each email address must match the email address of a user in the dotCMS system.

Note: The list of authorized users is not connected to or derived from the permissions which specify which users can execute the Workflow Action.

  • If a user is not on the list of authorized users, the Workflow Action will still execute and perform all Sub-Actions listed before the approval Sub-Action.
    • But the Workflow Action will stop as soon as the approval Sub-Action is encountered (and neither the approval Sub-Action nor any of the Sub-Actions which follow it will be executed).
  • If a user is included in the list of authorized users but is not given permissions to the Workflow Action, they will never be able to approve content, because they will not see the Action.
    • This is particularly a problem if the “Require Multiple Approvers” Sub-Action is used, since it requires all authorized users to approve the content, but not all of them will be able to take the Action.
    • For ways to help avoid this problem, please see Best Practices, below.

Number of Users

  • For the 'Four Eyes' Approval”, the number of users who must approve the content is specified in the Sub-Action parameters.
  • For the “Require Multiple Approval”, all the specified users must approve the content.

Execution Process

Each time any user in the specified list of users executes the Workflow Action, the Sub-Action is executed and the following takes place:

  • The number of approvals for the content is incremented by 1.
  • If the number of approvals equals or exceeds the required number of users then:
    • All following Sub-Actions are executed.
    • The content is moved to the “Next Step” configured for the Workflow Action.
  • Otherwise (if not enough users have approved the content), execution of the Workflow Action stops:
    • None of the following Sub-Actions are executed.
    • The content is not moved to the “Next Step” specified in the Workflow Action.

Determining Approval Status

To check which users have approved the content, you may open the content item in the Workflow Queue and view the “Change History” tab. This tab shows all Workflow Actions which have been taken on the content by all users, allowing you to see which users have approved the content at any point in time.

Best Practices

  • Use only one of these Sub-Actions in a single Workflow Action.
    • In addition, if you use only one of these Sub-Actions in all your Workflow Schemes it will make the approval process more consistent and less confusing for content authors and approvers.
  • Include only one Workflow Action which requires approval in each Workflow Step.
    • Having multiple Workflow Actions which may require approval can be confusing for both users and administrators.
    • If you do wish to have multiple Actions in the same Workflow Step which require approval, consider setting the permissions for these Actions to prevent any single user from having access to both Actions.
  • Consider using the “'Four Eyes' Approval” Sub-Action instead of the “Require Multiple Approval” Sub-Action.
    • The 'Four Eyes' Approval allows you to manage authorization using Role Keys rather than individual user accounts.
    • The Four Eyes principle is more flexible, allowing you to easily increase or decrease the stringency of the approval process with a simple change in the Sub-Action parameters.
  • Use the 'Four Eyes' approval with Roles to manage both which users have permissions for the Workflow Action and which users are authorized to approve content.
    • This makes it much easier to avoid a mis-match between the Action permissions and the list of authorized users.
    • This also makes it much easier to manage the approval process when users join or leave the appropriate group.
      • If the Action permissions and authorized users are both tied to the same Role, then you may easily add and remove users by just assigning or removing the appropriate Role on the appropriate user accounts.