Concept | Sign-off process#

A sign-off process ensures that model versions and bundles have the proper approval before being deployed into production. Let’s see how the sign-off process works in Dataiku Govern.

Reviews and approvals#

By default, model versions and bundles have the sign-off process built into certain workflow steps.

For model versions, a sign-off is connected the the Review step of the workflow.

The difference between a workflow step and the sign-off state.

In this image, you can see:

  1. The workflow step.

  2. The sign-off state.

Types of reviews#

There are two types of reviews: feedback reviews and final approvals.

Type

Description

Feedback review

Feedback reviews are optional. However, they’re useful for gathering input and suggesting improvements. Feedback reviews also provide additional information to help final approvers make informed decisions.

Final approval

Only the final approval is checked by the Deployer node. You can add multiple approvers, but only one final approval can be submitted in the process for the Deployer node to recognize the approval.

Both feedback reviews and final approvals provide a history of authorization that keeps processes transparent, traceable, and accountable.

Selecting reviewers#

You can add specific reviewers in the parent project of the model version or bundle that you plan to deploy. In the project overview, edit the Sign-off reviewers and approvers section to assign users and/or groups to the sign-off.

Dataiku Govern screenshot of the Sign-off reviewers and approvers section of the project overview.

Note

By default, Dataiku Govern includes IT & Operations, Risk & Compliance, and Business reviewers. You can change this in the Blueprint Designer if using Advanced Dataiku Govern.

Starting the review#

In the sign-off step of the workflow, you can initiate the sign-off. The feedback review is started when you select Request Feedback.

Dataiku screenshot of the request feedback section of a model version sign-off.

Note

The Request feedback window provides checkboxes to choose whether to send an email notification to reviewers. The requests will become active regardless of what you choose here.

The final approval process is started when you select Request Final Approval.

Dataiku screenshot of the final approval dialog for a model version sign-off.

Delegating a review#

If you know that someone else is better suited to review or approve the item, you can delegate the review. In other words, you can request that someone else review it.

Dataiku Govern screenshot highlighting the review and delegate buttons in the review step of the workflow.

Adding a review#

To submit a review, you can click the link in the email or open the sign-off step in the relevant Dataiku item. Once you have submitted your review, you can edit it, delete it, or add an additional review. You can’t add more than one final approval.

The final approver sets the sign-off status to approved, rejected, or abandoned.

Note

If the sign-off is Abandoned, you can select one of the following options:

  • Reset sign-off, which removes any previous data and starts the sign-off process over again.

  • Cancel abandon, which “undoes” the abandonment and restores all prior reviews.

Dataiku Govern screenshot of the cancel abandon option.

If you aren’t ready to give the final approval and wish to return to the feedback stage of the sign-off, you can select Go back to feedback stage from the vertical dot menu.

Dataiku Govern screenshot of the "Go back to feedback stage" button.

Deployment#

How does the sign-off in Dataiku Govern affect deployment? It depends on the Govern policy of your instance.

The Govern policy is defined in the Deployer node. There are three possible Govern Policies:

  • Prevent the deployment of unapproved packages.

  • Warn and ask for confirmation before deploying unapproved packages.

  • Always deploy without checking.

This means that even if a final approver rejects the sign-off, deployment may still be possible depending on the Govern policy.

Note

If Dataiku Govern and the Deployer node haven’t been linked, and a Govern policy hasn’t been chosen, an administrator can configure this following the reference documentation on sign-offs.

Sign-off reset#

After a certain amount of time, you might want to start the sign-off process again to check for and prevent something like deployment bias.

To do this, you can reset the sign-off. This removes any previous sign-off history and restarts the process.

Schedule reset (Advanced License Only)#

You can also schedule regular sign-off resets.

To create the schedule, you can either create a schedule in the sign-off itself for an item, or create a schedule in the Blueprint Designer. When creating a schedule in the Blueprint Designer, be mindful that the schedule will be applied to any Govern item that uses that blueprint.

Next steps#

After going through sign-offs and deployment, it can be useful understand model maintenance in Dataiku Govern.