Workflows
Workflows in Policy Controls define the automated approval process for policy requests. SecureHive uses a visual workflow builder powered by ReactFlow that lets you design multi-stage approval flows with configurable node types, role assignments, and conditional routing.
Workflows drive the approval actions described in Approvals and are triggered by Policy Requests. Default workflow configuration is managed through Settings.
Workflow builder
The visual workflow builder provides a drag-and-drop canvas for designing approval flows. Each workflow is composed of connected nodes that define the stages and logic of the process. Nodes are placed on the canvas and linked together to create the flow sequence.
Node types
| Node | Purpose |
|---|---|
| Start | Entry point for the workflow, triggered when a request is submitted |
| Assignment | Assigns the request to specific users or roles for action |
| Review | A review stage where assigned reviewers examine the policy content |
| Approval | A decision point where approvers can approve, reject, or request changes |
| Notification | Sends email or in-app notifications to specified recipients |
| Escalation | Automatically escalates the request if a stage exceeds its time limit |
| Decision | Conditional routing based on request properties or previous stage outcomes |
| End | Marks the workflow as complete |
Workflow configuration per request type
Each policy request type can have its own workflow configuration, allowing different approval rigor based on the nature of the change.
| Request Type | Use Case |
|---|---|
| CREATE | New policy creation requests — may require legal review and CISO approval |
| UPDATE | Policy modification requests — typically requires owner review and approval |
| RETIRE | Policy retirement requests — may require stakeholder notification and sign-off |
| PUBLISH | Publishing approved policies — final authorization before the policy goes live |
| REVIEW | Scheduled policy review cycles — periodic re-examination of existing policies |
For example, a CREATE request might route through legal review and CISO approval, while a REVIEW request might only need a single reviewer.
Tenant vs policy-level configuration
Workflows can be configured at two levels:
- Tenant level — default workflows that apply to all policies unless overridden. Configured through Settings.
- Policy level — custom workflows for specific policies that require unique approval processes. Configured from the individual policy’s settings.
When a policy request is submitted, SecureHive checks for a policy-level workflow first. If none exists, the tenant-level default for that request type is used.
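The lookup order above, together with a check that a resolved workflow cannot reach End without passing an Approval node (for example through a Decision branch), shown as an added example that is not SecureHive code. It assumes workflows are available as ReactFlow-style `nodes` (`id`, `type`) and `edges` (`source`, `target`); the lowercase type names, the `store` layout and both function names are hypothetical.

```javascript
// Added example. Workflow shape, lowercase type names and the store layout
// are assumptions for illustration, not SecureHive's export format.
const REQUEST_TYPES = new Set(["CREATE", "UPDATE", "RETIRE", "PUBLISH", "REVIEW"]);
// Policy-level workflow first, then the tenant default for the request type.
function resolveWorkflow(store, policyId, requestType) {
  if (!REQUEST_TYPES.has(requestType)) throw new Error("unknown request type");
  const policyLevel = store.policy[policyId]?.[requestType];
  if (policyLevel) return { level: "policy", workflow: policyLevel };
  const tenantLevel = store.tenant[requestType];
  return tenantLevel ? { level: "tenant", workflow: tenantLevel } : null;
}

// Returns one Start-to-End path that crosses no Approval node, or null when
// every path to End passes through an approval decision.
function findApprovalBypass(workflow) {
  const typeOf = new Map(workflow.nodes.map((n) => [n.id, n.type]));
  const start = workflow.nodes.find((n) => n.type === "start");
  if (!start) throw new Error("workflow has no start node");
  const seen = new Set([start.id]);
  const stack = [[start.id]];
  while (stack.length > 0) {
    const path = stack.pop();
    const here = path[path.length - 1];
    if (typeOf.get(here) === "end") return path;
    for (const edge of workflow.edges) {
      // Approval nodes act as walls: the search never walks through one.
      if (edge.source !== here || seen.has(edge.target)) continue;
      if (typeOf.get(edge.target) === "approval") continue;
      seen.add(edge.target);
      stack.push([...path, edge.target]);
    }
  }
  return null;
}

// Constructed sample: the Decision node has a branch that skips the approver.
const tenantCreate = {
  nodes: [
    { id: "s", type: "start" }, { id: "rev", type: "review" },
    { id: "dec", type: "decision" }, { id: "ciso", type: "approval" },
    { id: "note", type: "notification" }, { id: "e", type: "end" },
  ],
  edges: [
    { source: "s", target: "rev" }, { source: "rev", target: "dec" },
    { source: "dec", target: "ciso" }, { source: "ciso", target: "e" },
    { source: "dec", target: "note" }, { source: "note", target: "e" },
  ],
};
const store = { tenant: { CREATE: tenantCreate }, policy: {} };
console.log(findApprovalBypass(resolveWorkflow(store, "pol-1", "CREATE").workflow));
```

Running the check against the workflow that actually resolves for a request covers both tenant defaults and policy-level overrides, since an override replaces the default entirely.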
Role mapping
Workflow stages reference roles rather than individual users. This means that when team membership changes, workflows automatically route to the correct people based on their current roles. Role mapping connects workflow stage assignments to your organization’s team structure defined in the Operating Model.
Permissions
| Permission | Access |
|---|---|
| policy:manage | Create, edit, and delete workflow configurations |
| Role assignment | Workflow execution is handled automatically based on role assignments within each stage |