Introduction

Tenant settings approvals extend the four-eyes principle to platform configuration changes. When this governance mechanism is enabled, modifications to system settings require independent review and authorization before taking effect, preventing unauthorized or erroneous configuration changes from impacting operations.

This approval workflow separates configuration modification from configuration authorization. Administrators make changes in an isolated draft environment, and separate approvers review and authorize those changes before they become active. This separation ensures that configuration changes undergo scrutiny and that no single administrator can unilaterally alter critical platform settings.

📘

Feature availability

Tenant settings approval requires the TENANT_SETTINGS_FOUR_EYES_REVIEW feature flag. This feature is enabled per organization based on governance requirements.

The draft-live concept

Tenant settings approval introduces a dual-environment model: a live environment containing the current effective configuration, and a draft environment where administrators prepare and accumulate changes. Draft changes do not affect platform behavior until independently reviewed and authorized by a separate approver.

For step-by-step instructions on reviewing, approving, and discarding pending changes, see Pending Changes.

Related documentation

Explore related sections for more information:

• Pending Changes - Configuration change management - Step-by-step instructions for the tenant settings approval workflow
• Tenant Settings - Administrative configuration for users, accounts, and rules - Configuration of specific tenant settings entities
• Payment Approvals - Payment approval concepts and workflows - Payment approval concepts and workflows

Support

For questions about tenant settings approval concepts or governance strategy, contact [email protected].