You can prevent from a malicious or accidental data loss by using the multi-person authorization feature.
1. Can the Get and Process Authorization and the deletion operations be edited or deleted?
To ensure security, the authorization and deletion operations cannot be edited or deleted. They can only be disabled for 24 hours, after which they will be re-enabled automatically.
2. Do the changes to the configuration of restricted operations (including authorization and deletion features) need approval?
Yes, any admin user making changes to configurations of restricted operations must receive approval from another admin user. For more information, see Restricting Workflow Operations.
3. Do users need special permissions to be an approver to authorize requests?
No, users do not need any specific permissions to approve a request. Instead, they must belong to the user group configured as the approver group.
4. How to select the user group that must serve as the approver group?
The potential user group must have equal or more users compared to the number of approvers configured on the feature.
5. What happens if the number of approvers in the user group is less than the number of approvers configured?
In the default scenario, where the master group is the approver group, and if a member of this group tries to delete an entity and no other approvers exist besides this user, an email notification will be sent to prompt the user to include additional members in the master group and resubmit the request. Alternatively, if an approver group has been specified, the task will remain in a pending state (until timed out), awaiting further approvals. In such cases, additional approvers must be added, and the request must be resubmitted.
6. Are there any default configuration values set in Get and Process Authorization?
Yes, the following are the default configurations:
-
Default approvers user group: This group has the individual users who can be the approvers. By default, the master group is chosen for approval and this value can be configured.
-
Default timeout for authorization in days: The default waiting period is set to 10 days, during which the request will remain pending approval. After this period, the user must create a new request.
-
Number of approvers: The default number of approvers is set to 1, which means the request requires approval form any one user among the approvers.
-
Use Global SMTP Sender Email: Move the toggle key to the right if the email to the specific users is sent based on the SMTP settings of the Commcell. By default, this option is disabled, and the email is sent on behalf of the requestor attempting the operation.
-
Email_Header: An email header can be provided for customizing email templates that are sent for the approval requests.
6. What is the tag-based authorization setting Allow Tenant Admins To Opt In for?
The setting is disabled by default, all the tenants associated with the CommCell will require approval for performing a specific operation.
If this setting is enabled, the tenant users with the additional setting configured, will need the approval to perform specific deletion operation. The tenants that do not have the setting configured can be able to delete the entity without any approval.
8. What are the actions that depend on the Get and Process Authorization operation?
The following actions depend on the Get and Process Authorization operation deployment:
-
Client Properties Modification Authorization
-
Delete Agent Authorization
-
Delete Backup Set Authorization
-
Delete Client Restriction
-
Delete Company Authorization
-
Delete Client Authorization
-
Delete Job Authorization
-
Delete Library Mount Path Authorization
-
Delete Plan Authorization
-
Enable Root Access Authorization
-
Delete Subclient Authorization
-
Delete SQL Database Authorization
-
Delete Storage Policy Authorization
-
Delete Storage Policy Copy Authorization
-
Modify Active Job Authorization
-
Modify Additional Settings Authorization
-
Restore Request Authorization
-
Subclient Properties Modification Authorization
-
Disable Compliance Lock
Some of these actions may require additional configurations for proper functionality.
All the other actions do not have dedicated authorization workflows and are not administered by the Get and Process Authorization operation.
9. What happens when the same configuration has different values between Get and Process Authorization and its dependent authorization operation?
The value set in the dependent authorization operation takes precedence over the Get and Process Authorization.
10. How are the users preferred to be the approver based on the configurations?
Based on the following scenarios the users are chosen as the approver:
-
When no user or user-group is designated for approval, and the default approver group is either the master group or any other group, the users within the specified approver group are considered as the approvers.
-
When the default approver group is empty and the user or user-group is set for approval, then the particular user or the user-group members are considered as the approvers.
-
When the user or user-group is set for approval along with the default approver group set, then all users along with the default approver group are considered as the approvers.
-
When the default approver group is empty and the users and user group is set empty, then the master group will be considered as the approvers.
-
When the tenant user is logged in, only the default tenant administrator group members are considered as the approvers.