Skip to main content
The following examples illustrate the different use cases for our Request Review scripts, and how you might implement it in your environment.

Auto-Approve Based on Duration

request = context.get_request()

if request.requested_duration_minutes and request.requested_duration_minutes <= 240:
    actions.approve("Auto-approved: 4 hours or less")
else:
    actions.comment("Duration exceeds auto-approval threshold")

Route Based on Resource Type

request = context.get_request()

for resource in request.requested_resources:
    if resource.resource_type == "AWS_IAM_ROLE":
        if "prod" in resource.resource_name.lower():
            actions.comment("Production AWS access requires manual review")
            break
else:
    # No production resources found
    actions.approve("Auto-approved: non-production access")

Validate Custom Fields

request = context.get_request()
custom_fields = request.custom_fields

# Require ticket number for non-emergency requests
is_emergency = custom_fields.get("emergency_access", False)
ticket_number = custom_fields.get("ticket_number", "")

if is_emergency:
    actions.approve("Auto-approved: emergency access")
elif ticket_number:
    actions.approve("Auto-approved: ticket " + ticket_number)
else:
    actions.deny("A ticket number is required for non-emergency access")

Check Prerequisite Access

request = context.get_request()

PREREQUISITE_GROUP = "550e8400-e29b-41d4-a716-446655440000"

if request.target_user_id:
    has_prereq = accesslib.check_access(
        request.target_user_id,
        PREREQUISITE_GROUP
    )

    if has_prereq:
        actions.approve("User has prerequisite access")
    else:
        actions.deny("User must first obtain access to the prerequisite group")
else:
    actions.comment("No target user specified")

Complex Multi-Condition Logic

def evaluate_request(request):
    reason_lower = request.reason.lower()

    # Check deny conditions
    if "permanent" in reason_lower:
        return ("deny", "Permanent access requires executive approval")

    # Calculate approval score
    score = 0

    # Short duration
    if request.requested_duration_minutes:
        if request.requested_duration_minutes <= 240:
            score = score + 2
        elif request.requested_duration_minutes <= 480:
            score = score + 1

    # Has detailed reason
    if len(request.reason) >= 50:
        score = score + 1

    # Urgent keyword
    if "urgent" in reason_lower or "emergency" in reason_lower:
        score = score + 2

    # Make decision
    if score >= 3:
        return ("approve", "Auto-approved: score " + str(score))
    else:
        return ("comment", "Score " + str(score) + ", requires manual review")

request = context.get_request()
decision, message = evaluate_request(request)

if decision == "approve":
    actions.approve(message)
elif decision == "deny":
    actions.deny(message)
else:
    actions.comment(message)