Data Mesh Manager

Approval Workflow

Managing the approval of access requests.

Access agreements represent the edges in the data mesh graph. They are the basis for granting access or revoking access to the actual data in the data platform. On approval, the access is granted, and on deactivation, the access is revoked. Access can be requested by data consumers and needs to be approved or rejected by data owners.

The Data Mesh Manager offers three ways to manage the approval of access requests:

No Approval Workflow

For uncritical data, no approval workflow is necessary. A data consumer simply gets the data they need, without the data owner having to approve manually.

The Data Mesh Manager supports this via the auto approve feature. When an output port has this feature enabled, all requested access requests to this output port get automatically approved. Additionally, in the special case of sharing data within a team, the access request gets automatically approved as well, regardless whether the feature is enabled of the output port.

In any case, an access resource is always created, and the data consumer has to provide a reason why they want to use the data. This is necessary to create lineage between the data products.

Simple Approval Workflow

For confidential and restricted data, an approval workflow is necessary. A data consumer requests access to the data they need, and the data producer approves or rejects the request.

Data Mesh Manager supports a simple approval workflow in the web UI. After an access request has been requested by the data consumer, the owner of the providing data product can approve or reject the request within the web UI of the Data Mesh Manager.

External Approval Workflow

In many companies, there might already exist a complex approval workflow in a dedicated system.

The Data Mesh Manager supports the integration of an external approval workflow via its REST API. The access would still be requested in the Data Mesh Manager, but this would trigger an AccessRequestedEvent in /api/events which should start the approval workflow in the external approval system. The external approval system can add a link to where the current decision is being made back to the Data Mesh Manager adding to the access resource by updating the REST resource (/api/access/$id). Once a decision has been reached in the external approval system, the access can be approved or rejected via the appropriate API calls (/api/access/$id/approve and /api/access/$id/reject) to the Data Mesh Manager, including additional metadata about the decision.

Reach out to support if you need customized integration with your external approval system.