About Secondary Approval Policies

Use Secondary Approval to configure CloudControl to require additional approval before users can perform selected disruptive operations on a resource. For example, you can require secondary approval before deleting or powering off a virtual machine or vApp, editing a firewall, or creating an edge gateway service.

When a user attempts to perform a vSphere or NSX-t operation that requires secondary approval, the operation fails with a notification that secondary approval is required, and that a request was generated.

Note: If you have SMTP configured, and the users or groups have an email address in AD, then email messages are generated.

You can approve or deny a request on the Secondary Approval Requests page. See Approve or Deny Secondary Approval Requests .

Important: Users cannot approve their own requests, even if they are in the approval group. A different user must approve the request.