15.2 Encryption Request Management
15.2.1 Decryption Request Management
By default, Decryption Request Management displays all decryption requests, including both approved and pending requests. Requests can be searched and filtered using various criteria.
Online Approval
When the client is online, the decryption request and approval process proceeds as follows:
- The client submits a decryption request via the right-click menu or scanning tool.
- A notification appears on the console, and the request is listed in Decryption Request Management with the status Pending Approval.
- Double-click the request to view request details and file content.
- To approve, click Approve; to reject, click Reject.
- Once approved, the client can decrypt the file in the request details window.
Offline Approval
When the client is offline, the decryption request and approval process is as follows:
- The client submits a decryption request via the right-click menu or scanning tool, which generates a request file in the request information menu.
- The administrator imports the request file in Decryption Request Management by right-clicking and selecting Import Request File.
- A notification appears on the console, and the request is listed in Decryption Request Management with the status Pending Approval.
- Double-click the request to view its details and file content.
- To approve, click Approve; to reject, click Reject.
- In Decryption Request Management, select the request, right-click, and choose Export Approval Result to save the approval outcome to a file.
- Send the exported approval result file to the client. The client imports this file in the request information menu to complete decryption.
Quick Approval
Select multiple decryption requests, right-click, and choose Quick Approval. Click Approve to approve all selected requests, or Reject to deny them.
Delete Requests
Administrators with permission to delete decryption requests can remove requests from the system. In the decryption request view, select one or more requests and choose a deletion mode: Delete Selected, Delete Current Page, or Delete All Matching Records.
Note:
- Decryption requests in any status can be deleted. If an approved request that has not yet been distributed is deleted, the approval result will not be sent to the client.
15.2.2 External Transfer Request Management
External Transfer Request Management functions similarly to Decryption Request Management.
Online Approval:
When the client is online, the external transfer request and approval process is as follows:
- The client submits an external transfer request via the right-click menu or scanning tool.
- A notification appears on the console, and the request is listed in External Transfer Request Management with the status Pending Approval.
- Double-click the request to view details and file content. For multi-level directories, double-click a folder to view subfolders. Click the icon
or icon 
to return to the parent directory.
- To approve, click Approve; to reject, click Reject.
- Once approved, the client generates the external transfer files in the request information window.
Offline Approval:
When the client is offline, the external transfer request and approval process proceeds as follows:
- The client submits an external transfer request via the right-click menu or scanning tool, generating a request file in the request information window.
- The administrator imports the request file in External Transfer Request Management by right-clicking and selecting Import Request File.
- A notification appears on the console, and the request is listed in External Transfer Request Management with the status Pending Approval.
- Double-click the request to view details and file content.
- To approve, click Approve; to reject, click Reject.
- In External Transfer Request Management, select the request, right-click, and choose Export Approval Result to save the approval outcome.
- Send the exported approval result file to the client. The client imports this file in the request information window to generate the external transfer files.
Quick Approval
Select multiple external transfer requests, right-click, and choose Quick Approval. Click Approve to approve all selected requests, or Reject to deny them.
Delete Requests
Administrators with permission to delete external transfer requests can remove them. In the external transfer request view, select one or more requests and choose a deletion mode as needed: Delete Selected Records, Delete Current Page Records, or Delete All Matching Records.
Note:
- External transfer requests can be deleted in any state. If an approved request has not yet been delivered, deleting it will prevent the approval result from being sent to the client.
15.2.3 Temporary Offline Request Management
When a client needs to travel for a short period, such as completing a business trip within a few days, it is recommended to use the Temporary Offline function. By default, the Temporary Offline Request Management view displays all temporary offline requests.
Online Approval:
When the client is online, the approval process for a temporary offline request is as follows:
- The client submits a temporary offline request.
- A pop-up notification appears on the console, and the request is listed in the Temporary Offline Request Management view with the status Pending Approval.
- Double-click the request record to open the approval window, where you can review the client's reason for the request and the requested offline expiration time. If necessary, the administrator can adjust the expiration time.
- To approve, click Approve; an authorization code is generated in the approval window. To reject, click Reject and provide a reason for the rejection.
- Once approved, the client goes offline. From that moment until the expiration time, the client operates in fallback mode, following online encryption and decryption policies.
- The client can view the approval result in the request information window.
Offline Approval
When the client is offline, it cannot submit a temporary offline request. In this case, the administrator must create the request from the console. The steps are as follows:
- On the Temporary Offline Approval page, click the Create Request button
.
- Select the target offline computer or computer group, then click OK.
- Specify the expiration time and click Approve.
- The offline request dialog closes, and an approved record is automatically added to the Temporary Offline Request Management window.
- The administrator double-clicks the record to reopen the offline request dialog and retrieve the authorization code. This code is then communicated to the offline client (e.g., by phone or other means). After the client imports the authorization code, it enters temporary offline mode and follows online encryption/decryption policies until the administrator-defined expiration time.
Delete Request
Administrators with permission to delete temporary offline requests can delete them. In the Temporary Offline Request view, select one or more requests, and choose a deletion mode as needed: delete selected records, delete current page records, or delete all matching records.
Note:
- Any temporary offline request can be deleted, regardless of its status. If an approved but undistributed request is deleted, the approval result will no longer be delivered to the client.
15.2.4 Document Property Change Request Management
Document property change requests are managed in a manner similar to decryption requests.
Online Approval:
When the client is online, the steps for submitting and approving a document property change request are as follows:
- The client submits a document property change request via the right-click menu or the scanning tool.
- A notification bubble appears on the console, and the request record (with status Pending Approval) can be viewed under Document Property Change Request Management.
- Double-click the request record to view the request details and file content.
- To approve, click Approve; to reject, click Reject.
- Once approved, the client can modify the document properties in the request information window.
Offline Approval:
When the client is offline, the steps for submitting and approving a document property change request are as follows:
- The client uses the right-click menu or scanning tool to request a document property change, which generates a request file in the request information window.
- The administrator obtains the request file, then in the Document Property Change Request Management interface, right-clicks and selects Import Request File, and imports the file.
- A notification bubble appears on the console, and the request record (with status Pending Approval) can be viewed under Document Property Change Request Management.
- Double-click the request record to view the request details and file content.
- To approve, click Approve; to reject, click Reject.
- In the Document Property Change Request Management interface, select the request record, right-click, and choose Export Approval Result, then save the file.
- Send the exported approval result file to the client. The client imports the result file in the request information window and then modifies the document properties.
Quick Approval
Select multiple document property change requests at the same time, right-click and choose Quick Approval. To approve, click Approve; to reject, click Reject.
Delete Request
Administrators with permission to delete document property change requests can remove them. In the document property change request view, select one or more requests and choose a deletion mode as needed: delete selected records, delete all records on the current page, or delete all records that meet the conditions.
Note:
- Requests in any status can be deleted. If an approved request has not yet been distributed, once deleted, the approval result will no longer be delivered to the client.
15.2.5 Delegation of Approval Authority
When an administrator is away, they can temporarily delegate their approval authority to a trusted administrator to handle approval tasks. System administrators can also assist other administrators by delegating their authority to someone else. During delegation, the authorization time frame and scope of approval authority can be defined. Once the set period expires, the delegated authority is automatically revoked.
Only administrators with the "Workflow Management – Approval Authority Delegation" permission can delegate authority to others. Only administrators with "Encryption Function Management Authority" can accept delegation. System administrators can view all delegation records.
| Icon Button |
Description |
 |
An administrator can act as both a delegator and a delegate. You can switch views between delegated and received authorizations. System administrators can also switch to view delegation records of all administrators. |
 |
Configure approval authority delegation. |
 |
Delete a delegation, i.e., revoke the delegated authority. |
Delegating Approval Authority
The steps to delegate approval authority to another administrator are as follows:
- From the menu bar, select "Application Management" to open the main management window, then go to "Application Management -> Encryption Application Management -> Approval Authority Delegation."
- Click the button to switch to the authority delegation settings interface, then click the button to open the Approval Authority Delegation Settings window.
- In the General tab, check "Enable Delegation," select the entrusted administrator, set the delegation start and end time, and enter remarks.
- Switch to the Functional Permissions tab to select the permissions to delegate. You may choose to delegate all permissions or only specific ones. After configuration, click [OK].
- Go to "Application Management -> Encryption Application Management -> Approval Authority Delegation -> Delegation Settings" to view the details of the delegated authority.
Delegated Authority Reassignment
- Log in with System Administrator privileges. In the Approval Authority Delegation interface, click the button to switch to the "View All Delegations" interface, then click the button to open the Delegated Authority Reassignment Settings window.
- In the General tab, check "Enable Delegation", select the entrusted administrator, set the start and end time of the delegation, and enter remarks.
- Switch to the Functional Permissions tab to select the permissions to delegate. You may choose to delegate all permissions or only specific ones. After configuration, click [OK].
- Navigate to "Application Management -> Encryption Application Management -> Approval Authority Delegation -> View All Delegations" to review the details of the reassigned authority.
Automatic Delegation Suspension
When configuring Delegation or Delegated Reassignment, the General tab includes the option "Automatically suspend delegation when the delegator is online". If this option is selected, the delegatee will only hold the delegated authority when the delegator is not logged into the console. Once the delegator logs into the console, the delegation is suspended and the delegatee's authority is revoked.
This setting only provides a temporary suspension while the delegator is online. After the delegator logs out, the delegatee will automatically regain the delegated authority. To permanently revoke delegated authority, the delegator must delete the delegation in the Approval Authority Delegation interface.
Note:
- Delegated authority cannot be further delegated or reassigned to other administrators.
15.2.6 Approval Workflow Management
The multi-level approval feature supports complex organizational approval processes, ensuring that requests are reviewed and verified by managers at each level. In a multi-level approval workflow, the roles responsible for each level are referred to as Encryption Approvers. Encryption Approvers are administrators with encryption management permissions.
Administrators with "View Encryption Approval Workflow" and "Configure Encryption Approval Workflow" permissions can log in to the console, navigate to "Application Management -> Encryption Application Management -> Approval Workflow Management", and perform all workflow management operations.
Function Button Description
| Icon Button |
Description |
 |
Search – Click to query approval workflows based on specified criteria. |
 |
New – Click to create a new workflow. |
|
Edit – Click to edit the selected workflow. |
 |
Delete – Click to delete the selected workflow. |
 |
Copy – Click to duplicate the selected workflow. |
 |
Export – Click to export all workflows; supported formats: HTML, XLSX, CSV. |
 |
Move Up – Move the selected workflow up by one position. |
 |
Move Down – Move the selected workflow down by one position. |
 |
Replace–After selecting a specific process, click this button to assign a new approver. |
 |
Restore – Click this button to cancel a new or modified workflow. |
 |
Save – Click this button to save the workflow settings or modifications for them to take effect. |
Search Workflow
Click the "" button to open the search dialog. Enter the search criteria, which can include Name, Request Type, Request Target, and Approver, with support for fuzzy search. Clicking the Search button will locate the first matching record; clicking it again will move to the next matching record.
Create Workflow
Click the "" button to create a new workflow. The new workflow includes workflow conditions and workflow stages. By default, the newly created workflow is disabled. Check the box before the workflow name to enable it.
Workflow Conditions Include the Following:
| Field Name |
Description |
| Basic Settings |
Configure the basic information of the workflow. |
| Workflow Name |
Name of the new workflow. Cannot duplicate an existing workflow name. If left blank, it defaults to "Approval Workflow", with subsequent workflows named "Approval Workflow_1," "Approval Workflow_2," and so on. |
| Request Type |
Select the request types that this workflow can match. You may choose all or one/multiple specific types. |
| Request Target |
Select the targets this workflow can match, such as computers, users, or roles. |
| File Settings |
Configure file attributes. Leaving this blank means no restrictions. |
| File Count |
Only requests with a number of files within the specified range will match this workflow. Range: [0, 100,000]. |
| Total File Size |
Only requests with total file size within the specified range will match this workflow. Range: [0, 100,000,000]. |
| File Path / File Type |
Only requests whose file paths or file types match the configured settings will match this workflow. You can specify file paths, file types, or a combination of both. Separate multiple conditions with commas (,) or semicolons (;). Wildcards are supported, e.g., *.doc, *.txt, C:\test\*. Conditions are evaluated using an OR logic. |
| Document Attributes |
Click the button  to open the condition settings dialog, where you can configure the file's "Set Permissions" and "Access Permissions."
- If “Match any of the above conditions” is checked, the workflow will match if any single condition is met. If unchecked, all conditions must be exactly met for the workflow to match.
Leaving this blank means there are no restrictions.
|
| External Recipients |
Select the External Recipients.
- If “Match any of the above conditions” is checked, the workflow will match if any one condition is met. If unchecked, all conditions must be fully satisfied for the workflow to match.
Leaving this blank means there are no restrictions.
|
| External Distribution Settings |
Click the button to open the condition settings dialog, where you can configure external distribution properties (Print, Virtual Print, Clipboard, Screenshot, Edit/Modify) and their corresponding conditions (Allow/Block).
- If “Match any of the above conditions” is checked, the workflow will match if any single condition is met. If unchecked, all conditions must be fully satisfied for the workflow to match.
Leaving this blank means there are no restrictions.
|
| Temporary Offline |
Select the duration range, with units available in minutes, hours, or days, up to a maximum of 1,000 days.
- If “Temporary Offline” is not checked, there are no restrictions.
|
Click the "icon" button to add workflow stages. You can create multiple stages, and each stage can be edited, deleted, or moved up and down. At least one stage is required to complete the workflow setup. Workflow stage settings include the following:
| Field Name |
Description |
| Stage Name |
Name of the new stage. Format is flexible, required, and must be unique. |
| Approvers |
All approvers for this stage. Multiple approvers can be selected; selection is required. There are two approval modes:
- 1. Hierarchical Approval: Approvals are carried out level by level according to the predefined approval hierarchy.
- 2. Designated Approvers: One or more specific approvers can be selected to handle the approval for this stage.
|
| Approval Conditions |
The stage can be set to pass if "All approvers must approve" or "A specified number of approvers must approve". The specified number cannot exceed the total number of approvers.
- If Hierarchical Approval is selected, the approval condition applies to each level in the approval chain. The stage only advances to the next level when the current level meets the approval condition. If any approver at a level rejects, the stage cannot pass.
- The stage concludes only after all multi-level approval conditions are fulfilled.
|
Note:
- 1. When creating a new workflow, some pages are only applicable to specific application types (these pages include prompts). If the selected application types do not include a certain type, the pages relevant only to that type will not be displayed.
- 2. Hierarchical Approval is a multi-level approval based on predefined approval relationships. The number of approval levels and approvers at each level vary depending on the applicant, according to the preset approval hierarchy. For detailed usage, refer to the "Hierarchical Approval" section.
Edit Workflow
Click the Edit button to enter the workflow editing page, where you can modify the selected workflow, including all workflow conditions and settings.
Note:
- Editing a workflow will invalidate any pending applications that belong to this workflow.
Copy Workflow
Click the Copy Workflow button to duplicate the selected workflow. The copied workflow is placed at the top of the workflow list by default, with its name appended by _N, where N indicates the copy version number of the original workflow in the list. All settings of the copied workflow, including its enabled status, are identical to the original.
Delete Workflow
Click the Delete Workflow button to remove the selected workflow. If there are pending applications in the workflow being deleted, those applications will be terminated, and the applicants will receive a corresponding notification.
Automatic Approval
Select a workflow, click the icon button "
", and choose Set Automatic Approval to configure automatic approval settings:
| Settings |
Description |
| Conditions Met |
By default, this option is unchecked. All submitted applications will enter automatic approval immediately. If checked and a timeout is set, the workflow will automatically approve the application if it remains unapproved after the specified duration from submission. |
| Approval Action |
The result of automatic approval. Default is Auto Approve; can also be set to Auto Reject. |
| Approval Comments |
Comments filled in during automatic approval. Default is empty; can be added as needed. If the action is set to Auto Reject, comments must be provided. |
Select a workflow with automatic approval enabled, click the "icon" button "",and choose Cancel Automatic Approval to disable automatic approval for that workflow. Setting or canceling automatic approval does not alter the original workflow, and ongoing applications under automatic approval will remain valid.
Replace Workflow
Select one or more workflows, click the Replace button "", and open the Replace Approver dialog. In the dialog, choose the original approver(s) and the new approver(s). After confirming and saving, the approvers in the selected workflows will be replaced with the new approvers.
Note:
- The original approver can only be selected from the approvers included in the selected workflow(s), while the new approver can be chosen from all users. After replacing approvers, any pending requests under this workflow will become invalid.
Workflow Matching Principles
Requests are matched against the approval workflows in the list from top to bottom. Once a request matches a workflow, no further workflows are checked. If a request does not match any custom workflow, it will default to the system workflow, which is approved by administrators with the corresponding approval permissions or system administrators. The default workflow cannot be modified, moved, or deleted.
After a request matches a workflow, it proceeds sequentially through each workflow stage. Only when the approval conditions for the current stage are met can the request move to the next stage. Only approvers assigned to the current stage can approve; approvers of other stages cannot. A request is considered approved only after passing all stages.
If a request is at stage N and the required number of approvers approve, it proceeds to stage N+1. If the required number of approvals is not reached and an approver rejects, the request reverts to stage N−1. Approvers at stage N−1 do not need to reapprove; if any approver clicks Reject, the request will move back to stage N−2. If any approver clicks Explain and provides a justification for approval, the workflow returns to stage N.
Note:
- Approver accounts included in a workflow may experience permission changes or be deleted. In an active workflow, if any stage has fewer approvers with encryption management permissions than the required number for approval, that workflow becomes invalid.
- For approvers who lose their encryption management permissions, restoring their permissions will not reactivate the invalidated workflow.
15.2.7 Automatic Approval Settings
Administrators can grant specific approvers the permission to perform automatic approvals. Once enabled, applications submitted by clients to these approvers will be approved automatically.
Approvers must have the "Allow Automatic Approval" permission to enable this feature. Administrators can grant this permission via the console under Tools → Account Management → Encryption Features → Workflow Management, by selecting Allow Automatic Approval.
Enable Automatic Approval
The approver logs into the console and navigates to Workflow Management → Automatic Approval Settings. Click the Edit button, check Enable Automatic Approval, and select the active time. By default, this is set to all day. You can choose a predefined time type (set under Classification Management → Time Types) or select Custom to define a specific time range in the pop-up time selection window. Click OK to activate automatic approval.Applications submitted by clients during the specified time will be automatically approved when routed to the corresponding approver.
View Application Details
When an application is approved via automatic approval, the approval action is displayed as "Approve Application (Automatic)" both in the console under Encryption Application Management and on the client side under View Encryption Application Status → View Application Details.
Don't see what you're looking for?
