Terminology
Request - A multiperson authorization request to perform a critical operation.
Requester - A user who wants to perform a critical operation that requires multiperson authorization.
Approver - An individual who reviews and allows an operation that requires multiperson authorization by approving a request.
Exempted user - A user who does not need multiperson authorization for operations except the following:
To modify multiperson authorization configuration
To modify security properties
This eliminates the necessity for any approvals. However, it must be used with caution. If the exempted user account is hacked, the multiperson authorization process can be of no use as it is bypassed for this user. For additional security, it is recommended that there are no exempted users.
Note:
Exempted users are currently supported only for SED operations.
Expiration period - It is a configurable option that defines the duration for which a multiperson authorization request can be in the Pending state. A request expires if it is in the Pending state for more than the configured expiry period.
Expiration period can vary from minimum 48 hours to 168 hours.
Deletion period - It is a configurable option that defines the period (in days) after which requests will be deleted when no action is performed on them.
Deletion period can range from 7 to 180 days..