Tutorial: Database Change with Risk-Based Approval Flow

Overview

Custom Approval enables organizations to implement multi-stage approval workflows for database changes based on their risk levels. This ensures that potentially impactful changes receive appropriate review before deployment.

Key Features

  • Risk-based routing: Different approval flows for different risk levels
  • Multi-stage approvals: Chain multiple approval nodes in sequence
  • Role-based authorization: Leverage built-in or custom roles for approvals
  • Flexible configuration: Skip approvals for low-risk changes or require multiple approvers for critical ones
Workflow Compatibility:
  • UI Workflow: Custom Approval integrates seamlessly with the UI-based change workflow
  • GitOps Workflow: For GitOps, configure approvals in your VCS (GitHub/GitLab/Bitbucket) PR/MR process instead

How Approval Works

The Approval Process

  1. Risk Assessment: When a database change is created, Bytebase evaluates its risk level
  2. Flow Assignment: Based on the risk level, the appropriate approval flow is triggered
  3. Sequential Approval: Approvers review and approve each node in order
  4. Rollout: After all approvals, changes proceed to deployment

Understanding Risk Levels

Bytebase categorizes database changes into risk levels based on:
  • Operation type (DDL vs DML)
  • Affected data volume
  • Target environment
  • Custom risk rules
Learn more about configuring risk levels in Risks to fine-tune how changes are categorized and routed for approval.

Configuration Guide

Step 1: Design Your Approval Flows

Navigate to Settings > Custom Approval > Approval Flows

Creating an Approval Flow

  1. Click Create to add a new flow
  2. Name your flow descriptively (e.g., “Production DDL Review”)
  3. Add approval nodes:
    • Each node represents one approval stage
    • Specify the required role for each node (built-in or custom role)
    • Nodes execute in the order you define
Approval Flow

Step 2: Map Flows to Risk Levels

Navigate to Settings > Custom Approval > Rules
  1. For each risk level (Low, Moderate, High), select:
    • An approval flow to enforce
    • Or “Skip manual approval” for automated processing
  2. Save your configuration

Step 3: Configure Project Settings

In your project settings, consider:
  • Self-approval: By default, users cannot approve their own changes. Enable self-approval only if your process allows it
  • Rollout Policy: Define whether approved changes deploy automatically or require manual trigger via rollout policy