Reputation: 3
In TFS / VSTS, administrators can approve a release deployment even though they are not specified as approvers. They can use the Override option to approve the release.
I'm trying to determine whether we can report on this type of activity. I anticipate we will be asked (e.g. by our audit / security people) to identify releases which were not approved by the usual approvers.
I've checked the deployment and approval history using the REST API and the releases are all marked as Approved. It doesn't seem to distinguish between normal approvals and ones where an override was used.
We are currently using TFS 2017.1 but I suspect the question also applies to later versions and VSTS.
[ Update ]
This is the standard dialog showing the normal approver view ...
This is what a TFS Admin (not in the approver group) gets ...
Clicking on override shows the normal dialog and approval follows. This is normal TFS behaviour and I just want to report on when the override feature is used.
Upvotes: 0
Views: 513
Reputation: 38106
Overriding a release approval actually means another user approves the deployment on behalf of the specified approver.
And there are multiple options to identify whether a release approval was overridden.
You can check the release log -> click the approval icon -> then you can find who approved the deployment.
Or you can use the Get Release REST API:
GET https://{account}.vsrm.visualstudio.com/Git2/_apis/release/releases/{releaseId}?api-version=4.1-preview.6
Then you can get the detailed information under preDeployApprovals. If the user in approver is different from the user in approvedBy, then the approval is overridden.
Upvotes: 1
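The approver / approvedBy comparison from the answer above, as an added example that is not part of the original answer: it walks a saved Get Release response and lists approvals signed off by someone other than the assigned approver. It goes slightly beyond the answer by also checking postDeployApprovals; the `environments` nesting, the `isAutomated` and `isContainer` fields, the `approved` status value and all sample data are assumptions to verify against your own server's response.

```python
# Constructed sample shaped like a Get Release response; all names and ids are made up.
SAMPLE_RELEASE = {
    "id": 42, "name": "Release-42",
    "environments": [
        {"name": "QA", "preDeployApprovals": [
            {"status": "approved", "isAutomated": True, "approver": None, "approvedBy": None}]},
        {"name": "Prod", "preDeployApprovals": [
            {"status": "approved", "isAutomated": False,
             "approver": {"id": "u-alice", "displayName": "Alice"},
             "approvedBy": {"id": "u-alice", "displayName": "Alice"}},
            {"status": "approved", "isAutomated": False,
             "approver": {"id": "u-bob", "displayName": "Bob"},
             "approvedBy": {"id": "u-admin", "displayName": "TFS Admin"}},
            {"status": "approved", "isAutomated": False,
             "approver": {"id": "g-ops", "displayName": "Ops Team", "isContainer": True},
             "approvedBy": {"id": "u-carol", "displayName": "Carol"}}]},
    ],
}


def find_mismatched_approvals(release):
    """List approvals whose approvedBy identity differs from the assigned approver."""
    findings = []
    for env in release.get("environments", []):
        # The answer names preDeployApprovals; postDeployApprovals is checked the same way.
        for phase in ("preDeployApprovals", "postDeployApprovals"):
            for approval in env.get(phase, []):
                approver = approval.get("approver") or {}
                approved_by = approval.get("approvedBy") or {}
                # Skip automated, pending or rejected entries: no human sign-off to compare.
                if approval.get("isAutomated") or approval.get("status") != "approved":
                    continue
                if not approved_by or approver.get("id") == approved_by.get("id"):
                    continue
                # Assumption: a group approver carries isContainer=true. A member signing
                # for the group also mismatches, so it is flagged for a membership check.
                kind = "check-group-membership" if approver.get("isContainer") else "override"
                findings.append({
                    "release": release.get("name"), "environment": env.get("name"),
                    "phase": phase, "kind": kind,
                    "approver": approver.get("displayName"),
                    "approvedBy": approved_by.get("displayName"),
                })
    return findings


if __name__ == "__main__":
    for row in find_mismatched_approvals(SAMPLE_RELEASE):
        print(row)
```

Comparing on the identity `id` rather than the display name avoids false matches when two accounts share a name.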