> ## Documentation Index
> Fetch the complete documentation index at: https://docs.bytebase.com/llms.txt
> Use this file to discover all available pages before exploring further.
# Custom Approval
## Overview
Custom Approval enables organizations to implement approval workflows for database operations including schema and data changes, database creation, data export, role requests, and just-in-time data access. You define conditions and approval nodes directly on each approval flow to determine when it applies and who needs to approve.
### Key Features
* **Condition-based routing**: Define conditions on each approval flow to match specific changes
* **Multi-stage approvals**: Chain multiple approval nodes in sequence
* **Role-based authorization**: Leverage built-in or custom roles for approvals
* **First-match-wins ordering**: Drag-and-drop to reorder flows; the first matching flow applies
* **No approval required**: Optionally skip approval for certain changes
**Workflow Compatibility:**
* **UI Workflow**: Custom Approval integrates seamlessly with the UI-based change workflow
* **GitOps Workflow**: For GitOps, configure approvals in your VCS (GitHub/GitLab/Bitbucket) PR/MR process instead
## How Approval Works
### The Approval Process
1. **Condition Matching**: When a request is created, Bytebase evaluates the approval flows in order under the matching source type. The first flow whose condition matches is used
2. **Fallback**: If no flow matches under the source type, the **Fallback** source type flows are evaluated as a catch-all. You can also add a catch-all flow at the end of each source type (with a broad or empty condition) to serve as a per-source-type fallback
3. **Sequential Approval**: Approvers review and approve each node in order
4. **Execution**: After all approvals, the request proceeds to execution (for example, deployment, database creation, data export, or role change)
### Source Types
Approval flows are organized by source type:
| Source | Description |
| ------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Change Database** | DDL and DML operations (schema changes and data modifications) |
| **Create Database** | Database creation operations |
| **Export Data** | Data export operations |
| **Request Role** | Role/permission request operations |
| **Request Just-In-Time Access** | [Just-in-time data access](/security/database-permission/just-in-time#just-in-time-data-access) requests — run a specific statement, optionally exporting the result |
| **Fallback** | Catch-all flows when no source-specific flow matches |
### Conditions
Each approval flow uses a condition expression built from variables like environment, project, database engine, SQL type, and affected rows. The available variables depend on the source type, and the condition builder dropdown in the UI shows all options.
For **Change Database**, a `risk_level` variable (`"HIGH"`, `"MODERATE"`, `"LOW"`) is also available. It is automatically calculated by Bytebase based on the statement type. See [Risk Center](/administration/risks) for details.
## Configuration
Navigate to **CI/CD > Custom Approval**.
Approval flows are grouped by source type. For each source type, click **Add Rule** to create a new approval flow.
### Creating an Approval Flow
1. **Title** (required): Name the flow descriptively (e.g., "Production DDL Review")
2. **Description**: Optionally describe when and why this flow applies
3. **Condition** (required): Define when this flow triggers. You can build conditions using the visual condition builder, or click **Add raw expression** to write a CEL expression directly. Combine multiple conditions with **Add condition** or group them with **Add condition group**
4. **Approval nodes**: Add one or more approval stages. Each node specifies a required role (built-in or [custom role](/administration/roles)). Toggle **No approval required** to skip manual approval for matching changes
Click **Create** to save the flow.
### Ordering and Priority
Flows are evaluated in order (top to bottom) under each source type. **The first matching flow wins.** Drag-and-drop to reorder flows. Place more specific conditions above broader ones.
If no source-specific flow matches, fallback flows are evaluated.
### Preset Templates
When creating a flow, preset templates are available for common scenarios. Click a template to populate the title, condition, and approval nodes automatically.
### Examples
| Source | Condition | Approval Nodes |
| --------------- | ----------------------------------- | -------------------- |
| Change Database | `resource.environment_id == "prod"` | Project Owner -> DBA |
| Change Database | `resource.environment_id == "dev"` | No approval required |
| Create Database | `resource.environment_id == "prod"` | DBA |
| Export Data | `resource.table_name == "salary"` | Project Owner |
| Request Role | `resource.environment_id == "prod"` | Project Owner -> DBA |
### Related Settings
* [Self-approval](/change-database/settings#self-approval) — allow issue creators to approve their own changes (disabled by default)
* [Rollout policy](/change-database/environment-policy/rollout-policy/) — configure automatic vs manual rollout and plan check enforcement