Approvals
Policy & AuthorityApprovals handle the decision-making within policy workflow stages. When a workflow reaches an approval node, designated approvers review the policy content and take action — approving, rejecting, requesting changes, or granting an exception. All decisions are recorded with full audit context.
Approvals operate within the stages defined by Workflows and are part of the Policy Requests lifecycle.
Approval decisions
| Decision | Effect |
|---|---|
| APPROVE | Advances the request to the next workflow stage |
| REJECT | Stops the workflow and returns the request to the submitter with a reason |
| EXCEPTION | Grants approval with a documented exception or condition |
| REQUEST_CHANGES | Pauses the workflow and sends the request back for revisions |
Approval decision panel
On a request’s Details tab, reviewers see an approval decision panel that provides the context and controls needed to take action:
- Current workflow stage and the reviewer’s role within it
- Available actions based on the stage configuration
- Comments field for providing feedback or rejection reasons
- Timestamp and identity tracking for the decision
Rejection reasons
When rejecting a request, reviewers must select from a predefined set of rejection reasons plus an optional free-text explanation. Standardizing rejection reasons ensures consistent data for reporting and process improvement across the policy lifecycle.
Delegation
If an approver is unavailable, delegation rules can route the approval to a designated alternate. Delegation is configured through the workflow builder’s approval node settings, ensuring that approval processes are not blocked by individual availability.
Audit trail
Every approval action is recorded as a PolicyActivity entry, capturing:
- The reviewer who took the action
- The decision made
- Timestamp of the action
- Comments or rejection reasons provided
- The workflow stage context
This provides a complete audit trail visible on the request’s History tab, supporting compliance requirements and internal accountability.
Permissions
Approval actions require the reviewer to be assigned to the relevant workflow stage through role mapping. There is no separate permission — access to approve, reject, or request changes is determined by the reviewer’s role assignment within the active workflow stage.