If an object or an operation is covered by the Maker-checker policy then the following workflow applied:
- A user with related maker permission should create the object or perform the operation. For example, to create a user a maker user should have
- After clicking the Save button the request with type User create will appear in the Maker/Checker tab.
- A user with related checker permission, in this case, CHECKER_FOR_USER should open Maker/Checker tab, find that request and approve or reject it.
- If a checker user has approved it the new user appears in the system. If rejected - the new user won't be created.
The same workflow works for edit operations, e.g. until the checker confirms the request nothing changes.