The approval workflow idea is based on the 4-eyes principle when creating a new campaign: a campaign administrator will be responsible for creating a specific phishing or e-learning campaign. But he will only be able to start the campaign after a different user (the supervisor) reviewed the campaign and approved it. If the supervisor rejects the campaign a ticket with an expiry date will be created within the campaign for the administrator.
1. create a user with the "user" role. You don't need to assign any special rights here.
2. create a supervisor with "supervisor" role and assign the "user" as a supervised user
- add both "user" and "supervisor" to the same campaign. The "user" should have at least "start/stop campaign" permissions If the user needs to configure the campaign he also needs configuration access as well), the "supervisor" can have full permissions set for the campaign.
3. If the campaign admin will log in under his "user" role and starts the campaign it will be put on hold, until "supervisor" approves the launch. On this step, you can see a new entry created on "Supervision Log". Within the campaign dashboard, you will also see a small turning wheel that indicates that the campaign is waiting for approval
4. If the supervisor now logs in under his "supervisor" role and navigates to the same campaign he will be able to either reject or approve the campaign by clicking on the according to buttons:
If the supervisor rejects the campaign he will be able to create a ticket with an end date and severity that allows him to communicate the required changes:
In case of a rejected campaign the campaign admin with his "user" role will be able to see the desired changes within the supervision log:
Once the changes have been done the step 4 can be repeated again until the supervisor approves the campaign