Zum Hauptinhalt springen
Version: aktuell

My approval request was not received

When a VaultPAM session requires approval, VaultPAM sends a notification to the designated approver. If the approver never receives the notification — or you are the approver and do not see a pending request — one of four causes is usually responsible.

Symptoms

  • You submitted a session request but the approver says they received no email or in-app notification.
  • The approver checks the Approvals panel and sees no pending requests.
  • You see your request listed in Sessions → Pending but it eventually times out without action.
  • The approver received an email but clicking the approve link produces an error.

Causes

1. Approver email not configured

VaultPAM sends approval notifications to the approver's registered email address and, if configured, to a Slack or webhook channel. If the approver's email address is absent or incorrect in their profile, no notification is sent.

Check: Open Organization → Members → pick approver → Profile. Confirm an email address is present and correctly formatted. Also check that their account is active (not deactivated or pending invite acceptance).

Fix: Update the approver's email address. If the approver has not accepted their invite yet, resend the invite from Organization → Members → Resend invite. The approver must complete account activation before they can receive notifications.

2. Notification channel offline

VaultPAM can deliver approval notifications over email (SMTP), Slack, or a custom webhook. If the outbound channel is unavailable — SMTP relay down, Slack app revoked, or webhook endpoint returning errors — notifications silently fail to deliver.

Check for admins: Open Organization → Notifications → Delivery status (if available) or check the VaultPAM system logs for SMTP or webhook delivery errors. For Slack, confirm the VaultPAM Slack app is still installed in the workspace and the token has not been revoked.

Quick workaround: Approvers can always check the Approvals panel directly in the VaultPAM UI, even when email notifications fail. Ask the approver to open Approvals and look for the pending request.

Fix for admins: Restore the broken notification channel (restart the SMTP relay, re-authorise the Slack app, or fix the webhook endpoint). Re-test delivery with a low-stakes session request.

3. Approver has no permission to approve

An approver must have the Approver role for the specific Safe from which the session was requested. If their role does not include the approval permission, they will not appear in the approver list and will not receive a notification. This can happen when a role is updated or a Safe is transferred to a new owner without updating the approver list.

Check: Open Safes → pick Safe → Members and find the approver. Confirm their role includes the Approve permission. If the approver is not listed, they are not eligible to receive this request.

Fix: A Safe admin must update the approver's role or add them to the Safe with an approver-capable role. Once the role is corrected, the requester should cancel the current (now stuck) request and submit a new one — the approver will then be notified for the new request.

4. Request expired

Approval requests have a configurable TTL (default: 10 minutes). If no one approved or rejected the request before the TTL elapsed, the request transitions to Expired and no further action can be taken on it.

Check: Open Sessions → Pending or Sessions → History. If the request status shows Expired, the TTL has elapsed.

Fix: Submit a new session request. If the 10-minute TTL is too short for your organisation's approval workflow, ask a VaultPAM admin to increase it: Organization → Policies → Session approval TTL.

Resolution steps

  1. Ask the approver to check the Approvals panel directly in VaultPAM — this works even if email notifications are not delivering.
  2. Open Organization → Members → pick approver → Profile and confirm the email address is present and the account is active.
  3. Open Safes → pick Safe → Members and confirm the approver has a role that includes the Approve permission for this Safe.
  4. Check Sessions → Pending or Sessions → History to see if the request has already Expired. If so, submit a new request.
  5. If the approver can see the request in the Approvals panel but did not receive an email, ask an admin to investigate the notification channel in Organization → Notifications.
  6. If approval is urgent and the normal approver is unavailable, ask a Safe admin to approve the request directly via the VaultPAM UI.

Escalation path

If the above steps do not resolve the issue:

  1. Note the session request ID (visible in Sessions → History), the Safe name, and the intended approver's email address.
  2. Ask an admin to check VaultPAM system logs for SMTP or webhook delivery errors at the time the request was submitted.
  3. If the notification channel is confirmed working but requests still do not arrive, open a support ticket with the session request ID and the approver's user profile details.