Approval Chains
Approval Chains let you configure multi-level approval workflows for high-risk actions, ensuring that critical operations receive sign-off from the right people in the right order.
Overview
For actions that require more than a single human review, Approval Chains define a sequence of approvers that must each sign off before the action can execute. This adds structured, multi-layered oversight to your most sensitive operations.
How Approval Chains Work
- An action is submitted and the governance pipeline assigns a HELD verdict
- Instead of going to the standard escrow queue for a single reviewer, the action enters an approval chain
- The first approver in the chain receives the action for review
- If the first approver approves, the action advances to the next approver
- This continues until all approvers in the chain have approved
- If any approver rejects, the action is blocked immediately
- The action only executes after every approver in the chain has signed off
TIP
Approval chains are ideal for actions like production deployments, financial transactions above a threshold, or changes to access controls -- operations where a single reviewer is not sufficient.
Creating an Approval Chain
To create a new approval chain:
- Navigate to Approval Chains in the sidebar
- Click Create Chain
- Give the chain a descriptive name (e.g., "Production Deployment Approval")
- Add approvers in sequence -- the order matters, as each approver reviews after the previous one approves
- Save the chain
Chain Configuration
| Field | Description |
|---|---|
| Chain Name | A descriptive name for the approval workflow |
| Approvers | Ordered list of users or roles that must approve, evaluated sequentially |
| Timeout | How long each approver has to respond before the action times out |
Linking Chains to Actions
Approval chains can be linked to governance in two ways:
By Action Type
Assign a chain to a specific action type. Any time that action type is governed, it flows through the specified approval chain instead of the standard escrow queue.
By Tier
Assign a chain to a governance tier. All actions mapped to that tier go through the approval chain. This is useful for applying multi-level approval to all Tier C (controlled) actions.
WARNING
If an action matches both an action-type chain and a tier-level chain, the action-type chain takes precedence. Be mindful of overlapping assignments to avoid confusion.
Approval Chain Status
While an action is moving through an approval chain, you can track its progress:
- Which approvers have signed off
- Which approver currently has the action
- How much time remains before timeout at the current stage
- Whether the chain completed successfully or was rejected
Audit Integration
Every approval and rejection within a chain is recorded in the Audit Trail. The audit record includes which approver acted, when, and what decision they made at each stage of the chain.
Related Features
- Escrow Queue -- Single-reviewer workflow for standard held actions
- Tier Mapping -- Link approval chains to specific tiers
- Governance Policies -- Policies determine which actions get held