Make sure that the required Approvals permissions  are enabled to be able to use this functionality.

Transaction Approvals feature lets you set up certain users (approvers) so that they can approve or decline actions performed by other users (requesters). This feature is tied to roles. You can enable the ability to approve transactions for a user role and you can configure that certain transactions performed by a user role will require approval. Note that any approver can approve or decline any transaction that requires approval in the cloud. 

After a transaction that requires approval is initiated, it is paused with the 'Pending' status and a notification is sent to the approver users. After an approver has made a decision, a notification is sent to the requester. Note that if an action initiates several transactions, all its transactions will be approved in case the main transaction is approved. For example, the schedule build virtual server transaction includes the transactions that create the VS resources and which will be approved automatically if the schedule build virtual server transaction is approved.

Enable Transaction Approvals for Your Cloud

Firstly, you need to enable transaction approvals for your cloud. You can do this in the Configuration section. 

To enable transaction approvals for your cloud:

  1. Go to your Control Panel > Admin > SettingsConfiguration > System tab.
  2. Move the Transaction approvals slider in the Miscellaneous section to enable approvals.
  3. Click the Save Configuration button.

Next, you can proceed to setting up approver user roles.

Set up Approver User Role(s)

Approvers have the ability to approve or decline transactions in the cloud, they receive notifications about the transactions that are pending approval. By default, only the admin user role has the permissions to approve/decline transactions. To add this permission to other user roles, go to your Control Panel > Admin > Roles > Label > Edit and enable the Approvals permissions.

After you configure the approval user roles you need to set up the list of transactions that require approval for that or other user role.

Configure the List of Actions that Require Approval

Once you enable the permissions for the approver user role(s), you can configure which transactions require approval for each of the user roles.

To set the list of transactions that will require approval for a user role:

  1. Go to your Control Panel > Admin > Roles > Actions button next to the required user role and select Set approvals.
  2. On the page that loads set Yes for the action(s) which should require approval:
    • attach disk - adding a disk to a server with the Hot attach option selected
    • build disk  - adding a disk to a server without the Hot attach option selected or adding a disk during virtual server creation
    • compose vApp - composing a new vApp
    • create data store - adding a new data store
    • create resource pool - adding a new resource pool from the Control Panel > Resource Pools page
    • destroy data store - deleting an existing data store
    • destroy disk - deleting an existing disk that was created without the Hot attach option selected
    • delete vApp - deleting an existing vApp
    • destroy resource pool - deleting an existing resource pool
    • destroy virtual server - deleting an existing server. This option refers to the destruction of any type of server in OnApp: virtual server, application server, storage server, VS in Federation, etc.
    • detach disk - removing a disk that was created with the Hot attach option selected
    • recompose vApp - recomposing a vApp
    • resize disk - resizing an existing disk
    • resize virtual server - resizing an existing server with a reboot. This option refers to the resize of any type of server in OnApp: virtual server, application server, storage server, VS in Federation, etc.
    • resize VS without reboot - resizing an existing server without a reboot. This option refers to the resize of any type of server in OnApp: virtual server, application server, storage server, VS in Federation, etc.
    • schedule build vDC - adding a new resource pool after an orchestration model deployment
    • schedule build virtual server - creating a new VS. This option refers to the creation of any type of server in OnApp: virtual server, application server, storage server, VS in Federation, etc.
    • schedule rebuild virtual server - rebuilding a virtual server. This option refers to the creation of any type of server in OnApp: virtual server, application server, storage server, VS in Federation, etc.
    • update data store - changing the properties of a data store
    • update resource pool - changing the properties of a resource pool
  3. When you have finished, click Save.

If you set approvals for a user role that has permissions to approve transactions, the transactions performed by the representatives of this user role will be approved automatically.

After the above configuration, the selected transactions performed by a representative of the user role will be paused until they are approved or declined by an approver. Next, you can set up notifications so that approvers are notified in case there are transactions that are pending approval and the requesters will be notified after their transaction has been approved/declined.

Configure Approval Notifications

You can configure the system to send notifications to the approver users when there is a transaction pending approval. Requester users can also be sent emails after there has been a decision regarding the transaction they have initiated.

To set up notifications for the approver users:

  1. Enable notifications for you cloud at Control Panel > Admin > Configuration menu.
  2. Configure gateways at Control Panel > Admin > Gateways menu. You can configure it to send either internal notifications in OnApp or emails.
  3. Add notification templates at Control Panel > Admin > Notification Templates menu. These templates are the messages that are sent to the approvers. You can add any text to the messages. Add the %{message} text to the template for the messages to automatically include the link to the transaction that is pending approval.
  4. Create the approver recipients list at Control Panel > Admin > Recipients Lists menu and add the approver users to it. 
  5. Set up subscriptions at Control Panel > Admin > Subscriptions menu. Add the gateway (step 2), the notification template (step 3),  the recipients list (step 4) and select the Pending approval event for the new subscription.

After the above configuration, the approver users will receive notifications when there is a transaction pending approval in the cloud.

To set up notifications for the requester users:

  1. Go to your Control Panel > Admin > Gateways menu.
  2. Click the New Gateway button.
  3. On the page that loads, select the SENDMAIL delivery method for the gateway.
  4. Click Select to proceed to the next gateway creation step.
  5. Depending on the selected delivery method, fill in the following details: 

    For the SENDMAIL delivery method:

    • Name - the name of your new gateway

      For successful notification configuration for requesters, the name of the gateway should be System SENDMAIL Gateway.

    • From - the email address from which emails will be sent
    • Host - the server IP or URL

    For the SMTP delivery method:

    • Name - the name of your new gateway

      For successful notification configuration for requesters, the name of the gateway should be System SMTP Gateway.

    • From - the email address from which emails will be sent
    • Host - the server IP or URL
    • Smtp address - address of the SMTP server
    • Smtp port - port of the SMTP server
    • Smtp domain - associated domain
    • Smtp user name - user name to login into SMTP server
    • Smtp password - password to login into SMTP server
    • Smtp authentication - select an authentication mechanism from the drop-down list: plain, login, or cram_md5
    • Smtp enable starttls auto - enable the StartTLS extension
  6. Click Save to finish the creation process

After the above configuration, the requester users will automatically be sent an email after their transaction has been approved or declined.

For detailed information on notifications refer to Notifications.

Approve or Decline Transactions

The Control Panel > Approvals menu contains the list of all the transactions that require or required approval with their details:

  • ref - the reference number of the transaction. Click the number to view the details of the transaction.
  • status - the status of the transaction:approved, declined or pending
  • date - the date when the transaction was initiated
  • action - the action performed by the transaction
  • target - the entity to which the transaction is related: vApp, VS, resource pool, data store or disk
  • requester - the user who initiated the transaction. Click the name of the user to view their profile.
  • approver - the user who has approved or declined the transaction. Click the name of the user to view their profile. The link to the approver appears only after the transaction has been declined or approved.

To approve or decline a transaction, click its reference number and select the Approve or the Decline button at the bottom of the page. The page will also display the output and details of the transaction. The resource difference tables contain the changes in resource distribution before and after the transaction.

For detailed information on logs, refer to Logs.

Leave feedback