Guides

Change request

What is a Change request?

Change requests relate to four-eyes approvals and are requests to change sensitive organizational settings. When four-eyes approval is enabled, any changes to for example user management or payment approval chains will generate a change request that requires approval from a second user before the changes take effect.

How to create change requests

Change requests are automatically created when an operation is performed that requires Four-Eyes Approvals, for example when altering a role, inviting a new user or modifying an approval chain.

How to approve change requests

  1. Navigate to Settings → Organization (for Counterparties, navigate to Payments → Counterparties)
  2. Click the Change requests tab (for Counterparties, click the Needs approval tab)
    1. Changes awaiting your approval can be found under My Approvals. To approve a change you can either approve it directly in the list, or open a specific change request to see more details about the change request before approving.
    2. Requested changes can be found under All Approvals. These cannot be approved by the user requesting the change, but are still visible to the creator of the change request.

Best practices

  • Atlar will require that at least two users approve changes if the four-eyes approval is enabled, but it's beneficial to have additional approvers to ensure coverage in case approvers are unavailable or leaves the company.
  • To ensure your organization is fully protected, it is recommended to enable four-eyes approval for all the features used within the organization.
  • It’s recommended to only invite each person once with a personal email address in order to reduce risks related to a person acting as multiple users.
  • Only give the necessary permissions for each role (the Principle of Least privilege).

How to recover from having too few users with approval permission

To ensure change requests can always be approved, it's important to have enough users with approval permissions in case someone is unavailable or leaves the company. If your organization has too few approvers, contact Atlar at [email protected] to manually disable the four-eyes approval requirement. This process includes a verification step to ensure that only authorized users regain approval access.

Updated 9 days ago