All Products
Search

This Product

    Data Management:Customize a ticket approval process

    Document Center

    Data Management:Customize a ticket approval process

    Last Updated:Dec 11, 2024

    In Data Management (DMS), approval processes are associated with security rules. If the ticket approval templates provided by DMS cannot meet your business requirements, you can customize ticket approval processes. This topic describes how to customize a ticket approval process and apply the approval process to a security rule that is associated with database instances. In this example, the approval process is used when you submit a database change ticket for a database whose environment type is production.

    Overview

    1. Create an approval node.

      Add the DMS users who are required to approve tickets to the approval node.

    2. Create an approval template.

      Customize a ticket approval process.

    3. Apply the approval template to a security rule that is associated with database instances.

      The approval template takes effect only after it is applied to a security rule that is associated with database instances.

    Prerequisites

    • You are a database administrator (DBA) or a DMS administrator. For more information, see View system roles.

    • The database instance for which you want to customize an approval process is managed in Security Collaboration mode.

    Usage notes

    • Each database instance can be associated with only one security rule set. The security rule set can be the default security rule set or a custom security rule set.

    • We recommend that you specify at least two approvers in a ticket approval process. Otherwise, the approval result may be inaccurate or delayed.

    • DMS allows you to configure instance-level security rules. This way, you can customize different approval processes for different database instances or databases. However, instance-level security rules may have the following limits in the actual business environment:

      • Each database instance has only one DBA. If you specify the DBA as the approver of an approval process but the DBA cannot approve tickets in time, the approval process may be delayed.

      • If multiple business units share the same database in a database instance, each business unit may want to approve only the tickets for their respective business operations. However, the current instance-level security rules do not allow you to implement this type of approval process.

    Step 1: Create an approval node

    1. Log on to the DMS console V5.0.

    2. Move the pointer over the 2023-01-28_15-57-17.png icon in the upper-left corner and choose All functions > Security and Specifications > Approval Processes.

      Note

      If you use the DMS console in normal mode, choose Security and Specifications > Approval Processes in the top navigation bar.

    3. On the Approval Processes page, click the Approval Node tab. On the Approval Node tab, click Create Approval Node. In the Create Approval Node dialog box, configure the parameters.

      In this example, two approval nodes are created. One is named Test DMS Admin, and the test DMS administrator named db_doc is specified as the approver. The other is named Test User, and the test user named dmsuser is specified as the approver.

      image

      Note

      You can specify one or more approvers for an approval node. After you specify multiple approvers for an approval node, a ticket passes the approval if at least one approver approves the ticket.

    4. Click Submit.

      image

    Step 2: Create an approval template

    1. On the Approval Processes page, click the Approval Template tab. On the Approval Template tab, click Create Approval Template. In the Create Approval Template dialog box, configure the parameters.

      In this example, the template is named Test User->Test DMS Admin and Define an approval process. In this approval process, tickets are approved by dmsuser and then by db_doc. is entered in the Remarks field. The approval nodes are added in the following order: Test User and Test DMS Admin.

      image

    2. Click Submit.

    3. After the approval template is created, record the ID of the new approval template.

      In this example, the template ID is 4617988.

      image

    Step 3: Apply the approval template to a security rule

    1. Move the pointer over the 2023-01-28_15-57-17.png icon in the upper-left corner and choose All functions > Security and Specifications > Security Rules.

      Note

      If you use the DMS console in normal mode, choose Security and Specifications > Security Rules in the top navigation bar.

    2. On the Security Rules page, find the security rule set that you want to manage and click Edit in the Actions column.

      Expand to see how to view the security rule associated with an instance

      image

      image

    3. On the Details page of the security rule set, click SQL Correct in the left-side pane.

    4. On the SQL Correct tab, select Risk Approval Rules as the checkpoint. Find the security rule that is applied to medium-level risk approval processes and click Edit in the Actions column.

      image

    5. Replace the template ID in the Rule DSL field with the ID of the approval template that you created in Step 2. In this example, the template ID is replaced with 4617988.

      image

    6. Click Submit.

    7. On the SQL Correct tab, find the security rule and click Enable in the Actions column.

    8. Associate risk approval rules with risk identification rules.

      On the SQL Correct tab, select Risk Identification Rules as the checkpoint. Find the Production environment, default is medium risk rule and click Edit in the Actions column. In the Change Rule - SQL Correct dialog box, edit the domain-specific language (DSL) code in the Rule DSL field to apply the custom approval process to the databases of the specified environment type.

      image

      The following sample code provides an example on how to edit the DSL code in the Rule DSL field. The DSL code indicates that importing data to databases whose environment type is production is considered as an operation that may cause medium-level risks. In this case, the Test User->Test DMS Admin template is used as the approval template. 

      if
 @fac.env_type in ['product']
then
 @act.mark_risk 'middle' 'Medium-level risk: online environment'.
end

    9. Verify whether the approval template is applied.

      In this example, a ticket is submitted to import data to a database in the production environment. If the approval process in the approval dialog box is the same as that you configured, the approval template is applied. For more information, see Import data.

    What to do next

    After you customize the ticket approval process, you may also need to configure the methods used to receive ticket approval notifications for the approvers of the approval process. Supported notification methods include text message, DingTalk, and email. For more information, see Manage users and Configure notification by DingTalk Standard Edition, DingTalk Exclusive Edition, and Lark.

    FAQ

    Q: How do I specify different approvers for different databases?

    A: You can specify different resource owners for different databases. When you create an approval template, add the system node Owner as an approval node.