The Approval by Quorum feature enables an organization that uses the CORE partition(s) to specify operations that must be approved by a quorum of entitled users. See Commands Protected by Quorum.
To participate in the quorum approval process, a user must have SOSecurity officer - UKC partition administrator role. privileges assigned to it directly by its SOSecurity officer - UKC partition administrator role. role or indirectly by membership in a user group that grants to its members the SOSecurity officer - UKC partition administrator role. role.
In this section, we use term SOSecurity officer - UKC partition administrator role. to indicate a user with the SOSecurity officer - UKC partition administrator role. privileges.
CORE quorum properties:
- Execution of a quorum-protected operation:
- Only SOs can initiate a quorum-protected operation.
- The initiator of an operation is counted as the first approver.
- The initiator must explicitly launch the operation once the quorum approves it.
- To enable the quorum-based approval in a partition, modify the partition configuration by setting the Quorum Size to 2 and above (up to the number of the partition SOs).
- To disable the quorum-based approval, set the quorum size to 1, and wait for the quorum to approve it.
The Authorize Tab provides a means to track approval statuses, finalize or cancel an approval-pending operation.
The originator of the operation receives confirmation:
- In UI:
- In CLICommand Line Interface:
Quorum transaction pending: 74263c21-0351-4df2-87f3-ec326f867e82 need total of 2
To check the approval status, use Authorize Tab.
Operation approval parameters are set at the initiation of the operation. Changes in the quorum settings do not affect an operation already awaiting quorum approval.
The Authorize Tab appears in partitions that activated the Quorum feature. The Authorization Center provides an SOSecurity officer - UKC partition administrator role. the following services:
- My Requests - This shows the status of the requests initiated by you.
- For Approval - This shows the requests issued by other SOs and applicable for your approval.
- Other - Requests that do not meet the above criteria (for example, requests already approved by you but not executed by their initiators).
The following screen capture shows that there are 3 pending operations. Click the Authorize button to open the screen. It lists the requests:
- One of the requests that were initiated by you is ready for execution.
- There are two requests pending quorum approval.
To examine the status of operations initiated by you, click My Requests. The list of quorum-controlled operations initiated by you appears.
The list presents approval status:
- Ready for execution.
- Need further approvals.
- Have already been executed.
To inspect a task, hover with the mouse over the operation names and click on the text for the relevant row. For example, clicking the "Ready for execution" text in the previous example shows the following:
- To execute an operation, select it and click Execute.
- The request has expired.
- Conditions that allowed the operation during its initiation have since changed.
Executing an operation may result in an error that might happen for one of the following reasons:
In such a case, examine the cause of the failure, delete the operation, and, if needed, re-issue it.
- To delete an operation, select it and click Delete.
The deleted operation is removed from the Authorization Center records. It no longer shows on other SOSecurity officer - UKC partition administrator role. consoles.
You can delete a pending operation regardless of its state.
- To inspect and approve operations pending quorum approval,
click the For Approval tab.
→ appear operations pending the quorum approval.
- To inspect, approve or delete a pending request,
select it, and click Approve or Delete.
Deleting an operation initiated by another SOSecurity officer - UKC partition administrator role. may be required when the initiator is no longer associated with the quorum.
The Other list is a repository of operations that do not require your action. In general, it archives approved requests.