Quick Service enables administrators to designate specific zones, networks, and their child objects to require approval for changes (addition, modification, and deletion). As a result, an approval request is created every time users make changes to such zones, networks, and their child objects.
Objects that require approval for changes are referred to as approval-managed objects while users assigned to approve or decline the changes are referred to as approvers.
The following conditions apply:
-
When creating approval-managed zones and networks (approval-managed objects), administrators must assign at least one approver to each zone and network. Multiple approvers can be assigned to each zone and network.
-
Requests to create, edit, or delete approval-managed objects require approval from one of the approvers assigned to that specific zone or network, or from an administrator.
-
Administrators can modify the list of approvers for existing approval-managed objects.
-
In the Approval Lifecycle table, approvers see only the requests associated with the zones and networks to which they are assigned. Administrators can see all approval requests and can approve any request. For details, refer to Approval lifecycle page.
-
When adding a new approval-managed zone, administrators can use the Inheritance option to choose whether the parent's protection settings should automatically apply to its child objects. If this option is enabled, child objects automatically inherit the parent's approval requirements. For more details, refer to Approval managed objects tab.
The following table provides details on the approval permissions configured for each user role:
| User Role | Approval Permissions |
|---|---|
| Administrator | Can make changes to any approval-managed objects without requiring approval, and can approve any changes made by approvers and regular users. |
| Approver | For own changes made to approval-managed objects, requires approval
from either the administrator, or a specific approver assigned to
approve changes to those specific objects. Can approve changes made by
regular users, but only for the specific objects the approver is
assigned to approve. Note:
|
| Regular user | Requires approval from either the administrator or an approver for changes made to approval-managed objects. |
In addition, administrators can perform the following actions:
-
Use the Approval managed objects tab to view and manage these objects. For details, refer to Approval managed objects tab.
-
Use the Manage Approvers tab to view and manage approvers. For details, refer to Manage Approvers tab.
Approval lifecycle
This section provides a high-level overview of the approval lifecycle for a change made to an approval-managed object. For additional details, refer to Approval lifecycle page.
-
A non-admin user makes a change to an approval-managed object (zone or network) or its child objects that are part of approval lifecycle.
-
The user clicks the Request change button to enable the creation of an approval request for that specific action (create, edit, or delete). The standard Submit button in the Create/Edit/Delete forms is replaced by the Request change button for approval-managed objects.Note: The following conditions apply:
-
Users can create multiple approval requests within the same approval-managed zone or network, as long as each request targets a different object. For example, they can add two different subzones or edit two different IP addresses.
-
Users can create parallel requests for different object types or hierarchy levels. For example, they can edit one subzone and add a resource record inside another.
-
Users cannot create more than one open Edit and Delete request for the same object. For example, they cannot edit the same subzone twice or edit an IP address if an edit request for it is already open. Attempting to do so will result in an error.
-
-
If an open approval request for the same operation on the selected object does not already exist, the request is successfully created. The Approval lifecycle table displays this request with the status Pending.Note: At this stage, the user (creator of the request) can choose to cancel the approval request if required. To do so, navigate to the Approval lifecycle table, then click the eye icon (View details). In the View approval details window that opens, select Cancel. As a result, the status of the request is updated to Cancelled.
-
An approver assigned to review requests for that specific object, or an administrator, reviews the approval request. One of the following occurs in the Approval lifecycle table:
-
If the request is approved, the status of the request is updated to Approved, and the change is applied to the object.
-
If the request is declined, the status of the request is updated to Declined, and the change is not applied to the object.
-
If the request approval fails due to an error, the status of the request is updated to Failed.
Note:-
Once a request reaches a closed state (Applied, Declined, Cancelled, or Failed), new requests can be created for that object.
-
When both Edit and Delete requests are open for the same object, here's what happens after the Delete request is processed:
-
If the Delete request is approved:
-
The object is removed.
-
The open Edit request can no longer be applied. Therefore, approvers or administrators can decline the Edit request (in which case, the status changes to Declined). If approvers or administrators approve the Edit request instead, the request fails with an error, and the Edit request status changes to Failed.
-
-
If the Delete request is declined:
-
The Edit request remains valid and can be approved or declined.
-
-
-