Introduction

Users wish to find an approval process in JOC Cockpit for situations in which users perfrom interventions.

The following roles are involved:

• An Operator intends to perform an intervention that requires approval.
• An Approver confirms or denies the intervention.

The basic functionality of the approval process includes:

• to implement the 4-eyes principle: an Approver has to confirm the intervention of an Operator.
• to keep track of pending interventions.
• to offer fallback for a number of Approvers.

The feature is intended for branch 2.8.

Prerequisites

Profiles

Operator and Approver profiles are required to specify

• the communication channel being one of SMS messages or WhatsApp messages,
• a phone number for receipt of Notifications.

Internet Connection

JOC Cockpit, Controller and Agents are operated without internet connection.

Components

Notifications

Notification Channels include

• Internal Notifications
  • Notify the recipient of the Notification in JOC Cockpit provided that an active session exists in JOC Cockpit for the recipient.
• External Notifications
  • Send e-mail to the Approver.
  • Send SMS messages by e-mail using an SMS Gateway Provider that accepts e-mail which is converted to SMS messages and is forwarded to the Approver.
    • SMS Gateways are commercial services offered at low cost from a vast number or providers such as Twilio, Telnyx, Bird etc.
  • Send WhatsApp messages using https://developers.facebook.com/docs/whatsapp/cloud-api/.
    • The Facebook Cloud API requires prior registration.
    • Consider that use of 3rd-party APIs and Services for sending WhatsApp messages is illegal. Use of the Facebook Cloud API only is legitimate.
  • Send Signal messages using https://github.com/signalapp/libsignal

Users configure available Notification Channels and configure the ordering by which Notification Channels are triggered.

Notification Channels that require internet access, for example use of WhatsApp messages or Signal messages, make use of the JS7 Notification Service. The service is operated from a component on a separate machine with internet access.

• JOC Cockpit can access the service to send and to receive Notifications. The JS7 Notification Service does not establish a connection to JOC Cockpit.
  • Connections are established using mutual TLS authentication between JOC Cockpit (client) and the JS7 Notification Service (server).
• The JS7 Notification Service offers a REST API to send Notifications and to receive Notifications.

Operator Groups and Approver Groups

Operators and Approvers are managed by groups:

• Operators are members in a given JS7 role. A number of JS7 roles can be assigned an Operator Group.
• Approvers are members in a given JS7 role. A number of JS7 roles can be assigned an Approver Group.

The following applies to the mapping of approval requests to roles:

• Any member of an Operator Group can prompt an Approver for confirmation of an intervention.
  • An Operator can specify the preferred Approver (identified from the Approver's account) for a given approval request.
• Any member of an Approver Group can handle approval requests initiated by any Operator.
  • The preferred Approver specified by the Operator for an approval request is contacted first.
  • If the preferred Approver does not respond to the request within a configurable period, then the next Approver in the Approver Group will be notified.

Use Cases

Operator prompts Approver to confirm Intervention

• The Operator is prevented from directly performing an intervention. Instead, a Notification is created for the requested intervention that is sent to an Approver.

• Fail-over and switch-over of JOC Cockpit must be supported.

• Prompts for approval are persisted, and the list of pending prompts is available in JOC Cockpit, allowing Operators to cancel and to confirm prompts for approval.

Approver connected to JOC Cockpit

• An Approver who is connected to JOC Cockpit from an active session receives an Internal Notification within JOC Cockpit for pending approvals. The Notification explains affected objects and the type of intervention.

  • The Approver confirms/denies the intervention in JOC Cockpit.
• If an Approver connected to JOC Cockpit from an active session does not respond to the Internal Notification within a configurable period, for example 5 minutes, then the process applies as explained from chapter Approver external to JOC Cockpit.

Approver not connected to JOC Cockpit

If an Operator prompts for confirmation of an intervention and the Approver is not connected to JOC Cockpit from an active session or does not respond to a JOC Cockpit Internal Notification, then the Approver will be notified externally.

The approval process is supported by an external OIDC Identity Provider allowing to connect to JOC Cockpit and to approve the intervention. Any approval is performed inside JOC Cockpit.

• The basic proceeding corresponds to https://www.ory.sh/docs/oauth2-oidc/authorization-code-flow

Capabilities

Prompt Notification System

When an Operator prompts an Approver to confirm an intervention, then the Approver receives an Internal and/or External Notification. If an Approver confirms or denies an intervention request, then the Operator receives an Internal and/or External Notification.

• Notifications include details about the internvention and about the Approver's response (confirmed/denied).

• Users can customize notification preferences. In case that the Approver is not available, another Approver should receive a notification in JOC Cockpit and via e-mail.

Fallback User Notification

When an Approver is unavailable, then another Approver should be notified to take over confirmation to ensure that the approval process is not interrupted. 

• The list of accounts for fallback to confirm an operation has to be predefined.

• JOC Cockpit should automatically check the availability of User 2. If unavailable, User 3 is notified and prompted to confirm.

Pending Prompts Summary

• Along with the real-time notification of high-priority prompts,  Approvers receive a summary of pending prompts at predefined intervals (hourly or daily basis) to manage pending prompts more efficiently.

Bulk Approval 

• No bulk approval is supported.

Audit Log Entries for Interventions

• The Audit Log contains all operations and approval data to allow users to identify any discrepancies. The Audit Log records all operations, confirmations, and denials. The Audit Log includes user IDs of both Operator and Approver, and intervention details.