Adding a Reason for Approve/Deny

Sym enables approvers/deniers to give context for their decision via a decision_message.


In some request scenarios, it may be useful (or required) for a decision-maker to provide additional context along with their decision. For example:

  • Some denials might have simple reasons, like, "Please make sure to include a valid reason and re-request."
  • Some security programs require that all approvals to certain targets come with their own rationale.
  • You might want to throw a nice note in with your approval or denial -- there's nothing wrong with that!


Set include_decision_message to true in your sym_flow params. That's it! :confetti-ball:

resource "sym_flow" "circleci_approval" {
  name  = "ci-approval-${local.environment_name}"
  label = "CI Approval"

  implementation = file("${path.module}/impls/")
  environment_id =

  params {
    include_decision_message = true

Every new request using this Flow with include_decision message = true will have a decision message input box. It is always optional to fill, but you can choose to make in mandatory by checking for a value in the Flow's on_approve or on_deny Hook(s) (see example below).

Request message with decision message input box.

After the decision message is entered in the request message and the user hits "Approve" or "Deny", it will be visible in the request message:

Approved message with text "Decision Message: Go forth and conquer!" Denied message with text "Decision Message: You don't need this access."

Making decision messages mandatory

The following example will reject any denials with a blank decision message:

def on_deny(event):
    if not event.payload.fields.get("decision_message"):
        return ApprovalTemplate.ignore(message="You must enter a decision message to deny this request.")