Skip to main content

Team approvals workflows

For accounts with Teams enabled, there are specific actions that require the team to request and approve.

Review the following actions that require approval:

  • Create offline releases

  • Export keypairs

  • Delete keypairs

  • Revoke certificates

The following permissions determines which user can request or approve these actions:

  • Request an above action for the team they belong to:

    User must have the one of the following permissions: request release, request keypair export, request keypair delete and, or revoke certificate.

  • Approve an above action for the team they belong to:

    User must have one of the following permissions: approve release window, approve keypair export, approve keypair delete and, or revoke certificate.

Approval procedure for team actions

注記

Review the following statements regarding the approval flow for enabled teams:

  • All approval flows are subject to UCO constraints.

  • Users with MANAGE_SM_ALL_TEAMS can take actions on any resource belonging to any team in the account, regardless of whether they're part of that team.

    • They can request actions such as offline releases, keypair exports, keypair deletions, and certificate revocations. However, the approval process remains unchanged; only team members with the appropriate approval permissions can approve these requests.

  • Users with MANAGE_SM_MY_TEAMS or similar roles can take actions on resources belonging to the team they're part of.

    • They can request actions like offline releases, keypair exports, keypair deletions, and certificate revocations. However, as with all requests, only team members with the necessary approval permissions can approve them.

When teams are enabled and a member requests approval to complete an action, the following approval procedure takes place:

  1. All members on the team with the permission to approve the action receives an email with the request.

  2. The approver must select View request in the email.

  3. The approver must review the request and select Approve or Reject.

  4. Once the required number of approvals is received, one of the following actions takes place:

    • The certificate is revoked

    • The keypair is deleted

    • The offline release is created

    • The requester receives an email with a link to export the keypair

注記

If one member rejects the request, then the entire request is canceled and the user has to request the action again.

Change required approvals

注記

To perform this action, you must have a user role that contains the Manage all teams or Manage my teams permissions.

  • The Manage all teams permission allows you to change the approval amount on any team in the account.

  • The Manage my teams permission allows you to change the approval amount on any team in the account that you're a part of.

  1. In the Software Trust menu, go to Account > Teams.

  2. Select the desired team.

  3. In the Overview page, next to Approvals required, select the edit (white_pencil_edit_icon.png) icon.

  4. Under Approvals required, update the required amount of approvals needed to complete a specific action within the team. You can update approvals for the following team actions:

    • Approve offline release

    • Export keypair

    • Delete keypair

    • Revoke certificate

  5. Select Update team.

このセクションの内容: