Auto-Approve Based on Duration
# Auto-approve short-lived requests; anything else gets a reviewer-facing comment.
#
# This rule looks only at the requested duration. It does not consider which
# resources are being requested, so a short request for a highly privileged
# resource is approved the same way as any other.
request = context.get_request()
minutes = request.requested_duration_minutes

# A missing or zero duration is falsy, so it never reaches the approve branch.
# NOTE(review): a negative value would also satisfy this test; confirm the
# platform rejects such durations before the script runs.
within_limit = minutes and minutes <= 240

if within_limit:
    actions.approve("Auto-approved: 4 hours or less")
else:
    # comment() is used rather than deny(); presumably the request then waits
    # for a manual decision (confirm against the platform's action semantics).
    actions.comment("Duration exceeds auto-approval threshold")
Route Based on Resource Type
# Hold back requests that include a production AWS IAM role; approve the rest.
#
# Caveats of this rule as written:
#   * Only resources of type "AWS_IAM_ROLE" are inspected. Every other
#     resource type is auto-approved, whatever its name.
#   * The production test is a substring match on the resource name, so it
#     fails open: a production role whose name lacks "prod" is auto-approved.
#   * A request with an empty resource list also ends in the approve branch.
request = context.get_request()

needs_manual_review = False
for item in request.requested_resources:
    is_aws_role = item.resource_type == "AWS_IAM_ROLE"
    if is_aws_role and "prod" in item.resource_name.lower():
        # One production role is enough; stop scanning.
        needs_manual_review = True
        break

if needs_manual_review:
    actions.comment("Production AWS access requires manual review")
else:
    # No production resources found
    actions.approve("Auto-approved: non-production access")
Validate Custom Fields
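# Decide from the request's custom fields: emergency requests are approved,
# other requests need a ticket number, and everything else is denied.
request = context.get_request()
custom_fields = request.custom_fields

# The emergency flag arrives with the request itself, so this branch approves
# on the requester's own declaration and bypasses the ticket requirement.
# Consider pairing it with a short duration cap and an after-the-fact review,
# or routing it to actions.comment() instead of approving outright.
# NOTE(review): confirm this field is delivered as a boolean; a non-empty
# string such as "false" would be truthy here.
is_emergency = custom_fields.get("emergency_access", False)

# Strip surrounding whitespace so that a blank-looking value ("   ") does not
# count as a ticket number. A missing or empty value stays falsy.
ticket_number = custom_fields.get("ticket_number", "")
if ticket_number:
    ticket_number = str(ticket_number).strip()

if is_emergency:
    actions.approve("Auto-approved: emergency access")
elif ticket_number:
    # Only presence is checked: the value is not matched against a ticket
    # format or looked up in a ticketing system.
    actions.approve("Auto-approved: ticket " + ticket_number)
else:
    actions.deny("A ticket number is required for non-emergency access")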
Check Prerequisite Access
# Approve only when the target user already holds access to a prerequisite group.

# Example value from this page; substitute the id of the real prerequisite group.
PREREQUISITE_GROUP = "550e8400-e29b-41d4-a716-446655440000"

request = context.get_request()
target_user = request.target_user_id

if not target_user:
    # Without a target user there is nothing to check; neither approve nor deny.
    actions.comment("No target user specified")
elif accesslib.check_access(target_user, PREREQUISITE_GROUP):
    # The check is made for the user who would receive the access
    # (target_user_id), not for whoever filed the request.
    actions.approve("User has prerequisite access")
else:
    # NOTE(review): what check_access returns for an unknown user or group is
    # not shown here; confirm it is falsy so that lookup failures end in deny.
    actions.deny("User must first obtain access to the prerequisite group")
Complex Multi-Condition Logic
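# Score an access request and return a (decision, message) tuple.
#
# request is expected to expose:
#   reason                      - free text written by the requester (may be unset)
#   requested_duration_minutes  - requested duration in minutes (may be unset)
#
# decision is one of "deny", "approve" or "comment".
#
# Points: duration <= 240 min +2, <= 480 min +1; reason of 50+ chars +1;
# "urgent" or "emergency" in the reason +2. A score of 3 or more approves.
#
# Review notes on the policy itself:
#   * Three of the five available points come from the free-text reason, which
#     the requester controls. The keyword bonus plus the length bonus reaches
#     the approval threshold without any contribution from the duration.
#   * The "permanent" rule matches the word in the reason, not the requested
#     duration. NOTE(review): confirm what an unset duration means on this
#     platform; if it means no expiry, such requests can still score 3.
def evaluate_request(request):
    # An unset reason is treated as empty text instead of raising on .lower().
    reason = request.reason or ""
    reason_lower = reason.lower()

    # Check deny conditions
    if "permanent" in reason_lower:
        return ("deny", "Permanent access requires executive approval")

    # Calculate approval score
    score = 0

    # Short duration; an unset or zero duration earns nothing.
    minutes = request.requested_duration_minutes
    if minutes:
        if minutes <= 240:
            score = score + 2
        elif minutes <= 480:
            score = score + 1

    # Has detailed reason (length only; the content is not assessed)
    if len(reason) >= 50:
        score = score + 1

    # Urgent keyword
    if "urgent" in reason_lower or "emergency" in reason_lower:
        score = score + 2

    # Make decision
    if score >= 3:
        return ("approve", "Auto-approved: score " + str(score))
    return ("comment", "Score " + str(score) + ", requires manual review")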
# Evaluate the current request and carry out the action that was selected.
request = context.get_request()
verdict, note = evaluate_request(request)

if verdict == "deny":
    actions.deny(note)
elif verdict == "approve":
    actions.approve(note)
else:
    # Any verdict other than "deny" or "approve" ends here, so an unexpected
    # value results in a comment rather than an approval.
    actions.comment(note)

