Approval Flows

When a user needs to execute a workflow that accesses sensitive or restricted data, the operator of the resource may want to review the request and time-limit the access before approving it. Kubiya is a platform that simplifies this process by providing an ecosystem where both the requester and the operator can operate.
Through Kubiya, the requester can trigger a workflow via Slack in which a specific action may require access to a resource the user doesn't have access to. The requester can also view the identity of the resource operator. After submitting the request, the requester can proceed with other tasks while waiting for approval. Upon approval, the requester receives a notification and has the option to resume the workflow from the last checkpoint and complete the task.
In addition, if the workflow contains multiple actions that require permissions, the operator can approve each action separately or approve them all to guarantee seamless, uninterrupted execution. Kubiya is an intuitive platform for managing resource access requests, providing transparency and control to both requesters and operators.
For example, take a workflow called get_news_workflow containing two actions: one that shows the user an array of television news channels and asks the user to choose one (get_all_sources), and a second that retrieves the channel's cover page articles (get_articles).
The workflow looks as follows:
    version: 3
    type: conversation
    - id: sources
      type: action
      name: get_all_sources
      store: news
      parameters: { }
    - id: source
      type: input
      value_type: enum
      prompt: What news channel do you wanna read?
      possible_values: ${sources}
    - id: articles
      type: action
      store: news
      name: get_articles
      parameters: ${source}
    - id: print message
      type: message
      prompt: workflow executed!
When an unauthorized user triggers this workflow action, they will get the following error:
To request permissions, the user should click the Request Access button, which opens the following modal:
Here, the requester should write a short description explaining the request. Upon submission, the request is sent to the operators in Slack. The request will look as follows:
There are 4 options available to the approvers:
  1. To see the request (and approve it later on), the owner should click View to open the modal:
     Here, the approver can see all the information needed to make a decision, i.e. the requester, the workflow name, the action name, and its description. Once the owner decides to approve the request, two mandatory fields must be filled in:
     1. Grant permissions for a specific time: a closed set of options, ranging from 5 minutes to 24 hours. Once the chosen period of time is over, the requester will be notified.
     2. Approve Entire Workflow checkbox: this approves all actions within the workflow in advance so the requester won't have to make additional requests for the same workflow.
     For the effect of approval on the requests, see here.
  2. Reject - this is used to reject the request. The requester will be notified that the workflow could not be completed due to lack of permissions. The approver will then see the following message:
  3. Contact - this is used when more information is needed. It will create a new channel for the requester and approver to discuss and take action accordingly.
  4. Assign - Coming soon...

Upon approval

Once the owner has approved the request, the requester will be notified as follows:
At this point, Kubiya remembers exactly which step of the workflow the user last reached and lets the requester decide whether to continue with the workflow execution or not. Once the requester clicks yes, the workflow continues as planned.
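
The approval semantics described on this page (a time-limited grant scoped to one action or to the entire workflow, checked per action, with the run resuming from its last checkpoint) can be modelled as follows. This is an added example, not Kubiya's code or API: the names `Grant`, `approve`, `is_allowed` and `run`, the user `alice` and the clock value are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# The page gives the duration choices as ranging from 5 minutes to 24 hours.
MIN_TTL, MAX_TTL = timedelta(minutes=5), timedelta(hours=24)

@dataclass(frozen=True)
class Grant:
    user: str
    workflow: str
    action: Optional[str]  # None means "Approve Entire Workflow" was ticked
    expires_at: datetime

def approve(user, workflow, action, ttl, entire_workflow, now):
    """Operator approval: always time-boxed, scoped to one action or the workflow."""
    if not MIN_TTL <= ttl <= MAX_TTL:
        raise ValueError("duration must be between 5 minutes and 24 hours")
    return Grant(user, workflow, None if entire_workflow else action, now + ttl)

def is_allowed(grants, user, workflow, action, now):
    """Checked before every action, so an expired grant stops the next step."""
    return any(g.user == user and g.workflow == workflow
               and g.action in (None, action) and now < g.expires_at
               for g in grants)

def run(actions, grants, user, workflow, now, start=0):
    """Run from checkpoint `start`; return ("blocked", i) or ("done", count)."""
    for i in range(start, len(actions)):
        if not is_allowed(grants, user, workflow, actions[i], now):
            return ("blocked", i)  # checkpoint to resume from after approval
    return ("done", len(actions))

def demo():
    t0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)  # constructed clock
    wf, actions = "get_news_workflow", ["get_all_sources", "get_articles"]
    grants = []
    first = run(actions, grants, "alice", wf, t0)  # no grant yet
    grants.append(approve("alice", wf, "get_all_sources", timedelta(minutes=5), False, t0))
    second = run(actions, grants, "alice", wf, t0, start=first[1])  # one action approved
    grants.append(approve("alice", wf, "get_articles", timedelta(minutes=30), True, t0))
    third = run(actions, grants, "alice", wf, t0, start=second[1])  # whole workflow approved
    expired = run(actions, grants, "alice", wf, t0 + timedelta(hours=1))  # grants lapsed
    return first, second, third, expired

if __name__ == "__main__":
    print(demo())
```

The last run in `demo` shows why the grant is evaluated at each action rather than once at workflow start: after the chosen period ends, the same requester is blocked again at the first action.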