Add Role-Based Query Approval Workflow #29
Description
We want to introduce a workflow that requires designated approval for certain database queries. This feature ensures that users with specific roles (e.g., security officer, DevOps, or team lead) can either run queries directly or must seek permission from an authorized party if they don’t have direct permissions.
- Permission Rules
- Some users can execute queries directly without approval.
- Others must submit a request that a responsible individual can review and approve.
- Request Submission and Tracking
- Each user query is saved in a sub-database (or ticket system) as an “application.”
- The system records details about which server the query targets and who requested the query.
- Approval Interface
- Users with the authority to approve queries can see all open requests in a dedicated interface.
- They can approve or reject requests based on server permissions and organizational policies.
- Notifications
- Users should receive a notification when their request is approved or rejected.
- Responsible individuals should be notified about new requests.
Goal
Implement a secure and transparent approval process that ensures queries are only run by authorized users or with explicit permission from a responsible party, reducing the risk of unauthorized access or policy violations.