To enable the Multi-Person Authorization feature, you must download, import, and deploy various authorization workflows from the Commvault Store. To download and view more information about each workflow, click the name of the workflow under the Authorization Workflow column.
Each workflow is designed for a specific operation. These workflows use a common internal workflow, called Get And Process Authorization, to request approvals from the appropriate approvers based on the configurations.
Each individual workflow provides optional configuration that can be configured to meet various requirements. Configurations set in an individual workflow will override the identical configuration set in the Get And Process Authorization workflow.
The following configurations are available in both the Get and Process Authorization workflow and the individual workflows:
-
Users who can authorize the request: The selected users can authorize requests.
-
User groups which can authorize the request: The users of the selected user groups can authorize requests.
-
Number of approvers: Number of users required to authorize the request.
To configure the imported workflow, on the Command Center, go to Developers tool > Workflow, click the Action button 
beside the workflow, select Configurations, and modify the settings as needed.
| Authorization Workflow | Description | Configurations |
|---|---|---|
| Client Properties Modification Authorization | You can download and deploy this workflow in your CommCell environment to authorize the exclusion of clients from the SLA and disable backup activity operations. | Select client groups in which excluding subclient from SLA will need authorization: The workflow will run for the selected client groups. This option applies to all of the supported client properties. |
| Delete Company Authorization | You can download and deploy this workflow in your CommCell environment to authorize when a user attempts to delete a company. | - Users who can authorize the request: The selected users can authorize requests for deleting a company. - User groups which can authorize the request: The users of the selected user groups can authorize requests for deleting a company. - Number of approvers: Number of users to authorize the request. |
| Delete SQL Database Authorization | You can download and deploy this workflow in your CommCell environment to authorize when a user attempts to delete the SQL Database. | N/A |
| Modify Active Job Authorization | You can download and deploy this workflow in your CommCell environment to authorize for killing or suspending the active jobs on Job Controller. | - Set two factor authorization for Master user: Selecting this option will enforce Master group users to require authorization as well. - Users who can authorize the request: The selected users can authorize requests for modifying active jobs. - User groups which can authorize the request: The users of the selected user groups can authorize requests for modifying active jobs. - Number of approvers: Number of users required to authorize the request. |
| Modify Additional Settings Authorization | You can download and deploy this workflow in your CommCell environment to authorize when a user modifies a company's additional setting associated with the Security IQ dashboard. | N/A |
| Restore Request Authorization | You can download and deploy this workflow in your CommCell environment to authorize when the user requests restore operation. | - Select client groups for which restore requests will need authorization: The selected restricted client groups need authorization to perform restores. - Select users to perform restore operations without authorization: The selected users are allowed to perform restores. - Select user groups to perform restore operation without authorization: Users in the selected user groups are allowed to perform restores. - Set two factor authorization for Master user: Selecting this option will enforce Master group users to require authorization as well. - Users who can authorize the request: The selected users can authorize requests for restoring a job. - User groups which can authorize the request: The users of the selected user groups can authorize requests for restoring a job. - Number of approvers: Number of users required to authorize the request. |
| Subclient Properties Modification Authorization | You can download and deploy this workflow in your CommCell environment to authorize the requests to update the subclient properties. | Select client groups in which excluding subclient from SLA will need authorization: The workflow will run for the subclients in the selected client groups. This option applies to all of the supported subclient properties. |
| Uninstall/Delete Client Restriction | You can download and deploy this workflow in your CommCell environment to authorize the uninstallation, retirement, and deletion of clients associated with the client group selected in the Restrict Client Groups configuration. | Restrict Client Groups: Select the client groups for which the associated clients require authorization to perform uninstall, retire, and delete client request. |
Default authorization operations associated with Get and Process Authorization
By default, the following deletion operations are enabled on Command Center and are associated with the Get and Process Authorization operations. For more information about configuring the deletion operation, see Using the Default Deletion Operations in the Command Center.
| Authorization Operations | Description | Optional Configurations |
|---|---|---|
| Delete Client Authorization | This operation triggers the authorization email request to retire and delete the server from the Commcell or company level. | - Select client groups for which client deletion will need authorization:The deletion of clients from selected client groups would require authorization. - Users who can authorize the request: The selected users can authorize requests for deleting the client . - User groups which can authorize the request: The users of the selected user groups can authorize the requests for deleting the client. - Number of approvers: Number of users to authorize the request. - Delete Client: By default, requires authorization from the configured approvers to delete a client. Move the toggle key to the left to skip authorizations and perform the delete operation. - Retire Client: By default, requires authorization from the configured approvers to retire a client. Move the toggle key to the left to skip authorizations and perform the retire operation. |
| Delete Storage Policy Authorization | This operation triggers the authorization email request to delete the storage policies that is associated with a plan. | - Users who can authorize the request: The selected users can authorize the email request. - User groups which can authorize the request: The users of the selected user groups can authorize the email requests. - Number of approvers: Number of users required to authorize the request. |
| Delete Storage Policy Copy Authorization | This operation triggers the authorization email request to delete the storage policy copies that is associated with a plan. |
- Users who can authorize the request: The selected users can authorize the email request.
- User groups which can authorize the request: The users of the selected user groups can authorize the email requests. - Number of approvers: Number of users to authorize the request. |
| Delete Library Mount Path Authorization | This operation triggers the authorization email request to delete a library, a mount path, or a backup destination. | - Users who can authorize the request: The selected users can authorize the email request. - User groups which can authorize the request: The users of the selected user groups can authorize the email requests. - Number of approvers: Number of users to authorize the request. |
| Disable Compliance Lock | This operation triggers the authorization email request to disable Compliance Lock option on storage. Note: WORM Storage cannot be disabled. It is not possible to disable Compliance lock without appropriate authorization code. | - Users who can authorize the request: The selected users can authorize the email request. - User groups which can authorize the request: The users of the selected user groups can authorize the email requests. - Number of approvers: Number of users to authorize the request. |
| Delete Agent Authorization | This operation triggers the authorization email request when a user attempts to delete the storage policies that is associated with a plan.Note: This operation is enabled by default on Command Center. | - Users who can authorize the request: The selected users can authorize requests for deleting an agent. - User groups which can authorize the request: The users of the selected user groups can authorize requests for deleting an agent. - Number of approvers: Number of users to authorize the request. - Delete Agent: By default, requires authorization from the configured approvers to delete an agent. Move the toggle key to the left to skip authorizations and perform the delete operation. - Retire Agent: By default, requires authorization from the configured approvers to retire an agent. Move the toggle key to the left to skip authorizations and perform the retire operation. |
| Delete Backup Set Authorization | This operation triggers the authorization email request when a user attempts to delete a backup set. | - Select client groups for which backup set deletion will need authorization: The deletion of backup set from selected client groups would require authorization. - Users who can authorize the request: The selected users can authorize requests for deleting a backup set. - User groups which can authorize the request: The users of the selected user groups can authorize requests for deleting a backup set. - Number of approvers: Number of users required to authorize the request. |
| Delete Jobs Authorization | This operation triggers the authorization email request when a user attempts to delete a job from a storage policy copy. | - Set two factor authorization for Master user: Selecting this option will enforce Master group users to require authorization as well. - Users who can authorize the request: The selected users can authorize requests for deleting a job. - User groups which can authorize the request: The users of the selected user groups can authorize requests for deleting a job. - Number of approvers: Number of users to authorize the request. |
| Delete Plan Authorization | This operation triggers the authorization email request when a user attempts to delete a plan. | - Select client groups for which backupset deletion will need authorization: The deletion of backup set from selected client groups would require authorization. - Users who can authorize the request: The selected users can authorize requests for deleting a plan. - User groups which can authorize the request: The users of the selected user groups can authorize requests for deleting a plan. - Number of approvers: Number of users required to authorize the request. |
| Delete Subclient Authorization | This operation triggers the authorization email request when a user attempts to delete a subclient. | - Users who can authorize the request: The selected users can authorize requests for deleting a subclient. - User groups which can authorize the request: The users of the selected user groups can authorize requests for deleting a subclient. - Number of approvers: Number of users to authorize the request. |
| Delete Tape Media Contents Authorization | This operation triggers the authorization email request when a user attempts to delete a tape media or media contents. | - Users who can authorize the request: The selected users can authorize requests for deletion. - User groups which can authorize the request: The users of the selected user groups can authorize requests for deletion. - Number of approvers: Number of users to authorize the request. |
| Update Approval User Group Authorization | This operation triggers the authorization email request when a user attempts to update the members of a user-group configured as an approver group for dual authorization operations.Note:For tenants, the approver group is the default Tenant Admin group | - Users who can authorize the request: The selected users can authorize requests for modification. - User groups which can authorize the request: The users of the selected user groups can authorize requests for modification. - Number of approvers: Number of users to authorize the request. |