Compliance Lock Self Service

Hi @Mauro,

Thank you for your question!  Although we have removed the requirement for Customer Support to be directly involved in these requests, and have also removed the requirement for the signed document to be provided on company letterhead, we have not opened this up for a single individual to remove Compliance Lock.

This new self-service portal form is only supposed as of 11.32 (Commvault Platform Release 2023E) and beyond.  Beginning with this release, any attempt to disable Compliance Lock triggers a Multi-Person Authorization workflow.  The operation will essentially be queued until another user with Administrative permissions accepts the request.

As soon as the command is executed, the user will be notified in the command prompt that the process will not be completed until multi-person authorization is satisfied.  I have run through a test of this in my lab to showcase the behavior.

Here is the notification the executing user will see once the script has been executed:

 

The users that are configured to receive multi-person authorization requests (by default, all users in the [master] group) will receive an email such as this:

Additionally, those same users can see the same request in the Command Center’s Monitoring > Approvals Dashboard:

Compliance Lock will only be disabled once another Master user approves the request.

I hope this answers your question!

-Brian Bruno

Yes, This is configurable under GetAndProcessAuthorization Workflow Configuration tab:

If the request is sent by an admin account and there is no other admin (master) account, the request is approved automatically:

Thank you for all the feedback on this.

I’m going to set this up in my lab and simulate a few scenarios based on what we’ve encountered in the field.

I will update this thread with what I’ve managed to test.