Managers sometimes use the ‘four-eye principle’, also known as the ‘two-man rule’, to provide a stronger control mechanism than a simple approval. This article shows you how to enforce the rule in an executable business process for ‘four-eye’ approvals, using Signavio Workflow.

Approval workflows

To start, consider a simple approval, where a ‘reviewer’ must approve or reject a proposal. This process starts with a ‘Review proposal’ user task, to choose between the exclusive gateway’s ‘Approve’ and ‘Reject’ options.

In this workflow, the process model assigns the ‘Review proposal’ task to a ‘Reviewer’ role (not shown on the diagram). This reviewer gives you the first two ‘eyes’, so you still need another two eyes on the proposal.

Adding a second approval

To use the four-eye principle in ‘four-eye’ approvals, you need to add a second approval task to the workflow, for a second reviewer. The model now duplicates the pattern of a ‘review’ user task, followed by a manual decision exclusive gateway.

The process model now has two review tasks, which it assigns to the user roles ‘First reviewer’ and ‘Second reviewer’, respectively. However, this workflow unnecessarily constrains the two reviews/approvals to happen in sequence, instead of creating both review tasks at the same time.

Parallel approvals

Use a parallel split and join (parallel gateway) to allow the reviewers to complete the two approvals in either order. When you run this process, you want the ‘First review’ and ‘Second review’ tasks to be created at the same time, so you can complete either one first.

To make this work, this model must change the ‘Approved?’ exclusive gateway from a manual decision to an automatic decision. The process model requires this because the exclusive gateway does not immediately follow a single user task.

To change the double-approval to an automatic, first add the decision as a Yes/No field on each approval task’s form.

Next, configure the exclusive gateway to make an automatic decision based on the two review tasks’ approval fields, called ‘First approval’ and ‘Second approval’ in this example. Under ‘Decision type’, select ‘Automatic’. Then add two conditions to the approval case, one for each approval field. Set the Rejection case as the default.

Now you have a workflow with two parallel approvals. However, you have not finished yet because although this process supports the four-eye principle, it doesn’t enforce it. You would still be able to assign the ‘First reviewer’ and ‘Second reviewer’ roles to the same person.

Enforcing the rule for ‘four-eye’ approvals

Using the four-eye principle for approvals has two requirements:

  1. You need the double-approval workflow from the previous section.
  2. You must enforce the four-eye rule, by making sure that you cannot assign the two reviewer roles to the same person when you execute the case.

To ensure separate reviewers, assign both roles and then check that the assignments differ. First add a new ‘Assign reviewers’ user task at the start of the process, to assign the two reviewer roles using two User form fields, called ‘First reviewer’ and ‘Second reviewer’, respectively.

Next, add an exclusive gateway after the ‘Assign reviewers’ task, and configure it as an automatic decision that checks that the two reviewers are not the same person. Add a ‘does not equal’ condition for the ‘First reviewer’ field, and instead of a fixed value use the field link button to select the ‘Second reviewer’ field.

If the two reviewers are the same, loop back and create an ‘Assign reviewers’ task again, so you can correct the problem. The model now has a new pair of exclusive gateways at the start.

The final process model now enforces the four-eye rule and includes two review tasks.

If you want, you could add a read-only Text field called ‘Message’ to the ‘Assign reviewers’ user task form, and use that to show the message ‘The two reviewers are the same, which isn’t allowed’ to the form. To automatically set this validation error message value, use a JavaScript action.

Fine-grained workflow control for everyone

This ‘four-eye’ approvals example introduces more complexity than a simple approval workflow. However, each step in setting this up only makes a small change that builds on the previous step. This makes a change that would normally require custom software available to everyone who can model a workflow.

Try out your own ‘four-eye’ approvals and other custom workflows today: sign up for a free 30-day trial.

Published on: January 13th 2017 - Last modified: November 13th, 2020