Skip to Content
User ManualWorkflowRequesting DB Policy Exception

Requesting DB Policy Exception Request

Overview

When using the new DAC policy supported from version 10.2.6, you cannot request through Workflow using the existing Unmasking Request or Restricted Data Access Request. That is, when the new policy feature is activated, use the DB Policy Exception Request displayed in the Request menu.
Unlike existing policies, DB Policy Exception Request does not separate Unmasking and Restricted Data Access into separate forms, but rather selects one of Unmasking or Restricted Data Access as the Exception Type in a single form.

Requesting Policy Exception

1. Selecting Approval Rules

  • Select an Approval Rule to choose the appropriate approval rule for your purpose. The approval target varies depending on the selected rule.
  • If a pre-configured approval rule is selected, the approver is automatically assigned and cannot be added or modified.
  • Approval Expiration Date: Enter the approval expiration date. The maximum value can be set through Maximum Approval Duration. The Approval Expiration Date cannot exceed the Exception Expiration End Date. If exceeded, the request cannot be submitted.
    • However, when submitting in Urgent Mode, the above condition is ignored.

Screenshot-2025-08-26-at-12.54.02-AM.png

2. Assigning Approvers

  • Click the + button in the approval line to display a popup window where you can assign step-by-step approvers.
  • In this popup window, add approval conditions and approvers, then click the Save button to save the approval line.
  • Available approval conditions are as follows:
    • A single Assignee can complete the approval request: The approval request is approved with just one approval from multiple people.
    • All Assignees must approve this request: All approvers must approve for the approval request to be approved.

screenshot-20240724-154729.png

3. Assigning Reviewers

  • Click the + button in the approval line to display a popup window where you can assign reviewers.
    • If the administrator has not allowed reviewer assignment, the Reviewer box will not be displayed.
  • In this popup window, add approval conditions and approvers.
  • Click the Save button to close the modal and complete reviewer assignment.

screenshot-20240724-171350.png

4. Sending Request with Post-Approval

  • If you select an approval rule that allows post-approval functionality, the Urgent Mode switch will be displayed.
  • After setting Urgent mode = On and registering the approval request, you can immediately receive permissions or perform tasks.

screenshot-20240523-184245.png

Q. I can’t see the Urgent Mode switch. A. If you select an approval rule where the administrator has not allowed Urgent Mode, this feature will not be displayed.

5. Entering Request Details

  • Title: Enter the request title.
  • Exception Type: Select Unmasking for temporary mask removal requests, and Restricted Data Access for temporary access requests to blocked paths.
  • Connection: Select the connection that contains the table or column for which you want to request mask permission or access permission.
    For mask removal, only columns can be selected since masking policies are column-based.
  • Data Scope: You can select either Data Path or Tag. The default value is “Data Path”.
    • Data Path: Directly specify the column or table you want to unmask or access.
      • Table: Select the target table.
      • Column: You can select one or more columns, up to a maximum of 30 columns.
    • Tag: If the applicant knows that a policy is set based on tags for a specific path and knows which tags are assigned, they can apply by specifying tags. Generally, since applicants do not know whether policies are set with tags or which tags are used, they need to get help from administrators first when applying with tags.
      • Tags: When Data scope is specified as tags, you can use the tags used in the policy.
  • Policy Exception Schedule: You can set the period during which the policy exception will be applied. The maximum validity period of the policy exception cannot exceed the Maximum Policy Exception Period set by the administrator.
    • Specific Period: Specify the start and end times. You can specify in hours.
    • Time Duration: Specify so that it is valid for the set time from the start time.
    • Start On Approval option: For both Specific Period and Time Duration, if you enable (check) Start On Approval, the effect begins at the time of approval. In general, since the requester cannot know the approver’s approval time, using this option is not recommended (it may require resubmitting if expiration constraints arise). When using Urgent Mode, approval is post-approval and it’s unknown when approval will occur; therefore, except for special situations where it must be used, Start On Approval is not recommended.
  • Reason for Request: Enter the reason for requesting policy exception.
  • Click the Submit button at the bottom of the page to submit the request.

User > Workflow > Submit Request > DB Policy Exception Request

User > Workflow > Submit Request > DB Policy Exception Request

Last updated on
Approval Additional Features (Proxy Approval, Resubmission, etc.)Database Access Control