Tutorial: Database Change with Risk-Based Approval Flow

Overview

Custom Approval allows you to create multi-stage approval workflows based on change risk levels. Each database change can require approvals from specific roles before proceeding to rollout.
Best Practices:
  • Custom Approval works best with UI workflow. For GitOps workflow, configure approvals in your PR/MR process instead.
  • By default, users cannot self-approve their own issues. You can change this setting in project settings if needed.

How It Works

Approval Flow Structure

An approval flow consists of one or more approval nodes arranged in sequence:
  • Each node specifies a role (e.g., Project Owner, DBA, or custom role)
  • Any member with that role can approve the node
  • All nodes must be approved before the issue proceeds to rollout
After approval, the actual deployment may still require manual action depending on your rollout policy configuration.
Approval Flow

Setting Up Custom Approval

Step 1: Create Approval Flows

  1. Navigate to Settings > Custom Approval
  2. Click the Approval Flows tab
  3. Create or edit an approval flow
  4. Add approval nodes with required roles

Step 2: Assign Flows to Risk Levels

  1. Click the Rules tab
  2. Select an approval flow for each risk level
  3. Choose “Skip manual approval” if no approval is needed for a specific risk level

Working with Custom Roles

When built-in roles don’t match your approval requirements, you can create custom roles with specific permissions. Example use cases:
  • Create a Tester role for QA approval
  • Define a Compliance Officer role for regulatory review
  • Set up a Release Manager role for deployment coordination

Adding Custom Roles to Approval Flows

  1. First, create the custom role
  2. Navigate to CI/CD > Custom Approval
  3. Select the Approval Flows tab
  4. Edit your approval flow and add the custom role as an approval node
add-to-custom-approval-flow

Approval Process

When an issue matches a configured risk level:
  1. The issue enters the approval stage
  2. Designated approvers receive notifications
  3. Each approval node must be approved in sequence
  4. After all approvals, the issue proceeds based on rollout policy
  5. Changes are deployed automatically or manually as configured