Approval Manager

The Approval Manager module when licensed provides the option to dually authenticate the add/edit or delete operations using ADSS Server Console. It makes sure that no change is made unnoticed within the ADSS Server Console. When dual control is enabled it means that if one operator performs a configuration operation and creates, edit or deletes any element in any record then that action is left pending until a second operator (the security officer) has approved the operation. Both operators must have suitable privileges to access the Approval Manager. This ensures that critical changes cannot be made without considered approval by two suitably privileged members of staff.

An ADSS Server operator that has access to the Approval Manager is deemed to be a Security Officer role holder, as this privileged role allows the Security Officer to approve or reject operations performed by other operators. Security Officers cannot approve their own operations ensuring that dual control is preserved in all cases. The Security Officer can perform others configurations on ADSS Server depending on the privileges assigned to them. If this is not required then additional privileges should not be assigned.

Before enabling dual control ensure that at least one operator exists with access to the Approval Manager module and also the issuer of this operator's SSL client certificate is registered in Trust Manager. When Dual Control is already enabled then the Security Officer must approve the creation of new operators before these newly generated operators can login.