To run any action in Tachyon 3.0 you first need to ask a question. Questions may have coverage and question filters applied that restrict the number of devices that send responses. When the responses come back you can then optionally apply a view filter to reduce the responses even further. When you select a follow up action, this will then be performed only on the final set of filtered responses.
Configuration of approvers is explained in the Roles page.
Enabling Tachyon users to run actions on devices in a network is always a powerful proposition. The potential for mistakes or deliberately malicious actions is always there. For this reason Tachyon has role-based access control to the features it presents and it implements an approval workflow that implements a process to prevent unauthorized changes from taking place.
Two-factor authentication is now the default mode for running Tachyon actions. When an actioner creates an action they are first required to enter their password. They are then required to enter an authentication code which is sent to them by email. Because this is now the default mode for performing actions there are numerous examples of two-factor authentication throughout this documentation wherever an action is described. A good example of the two-factor authentication process can be found in Performing an action - tutorial. You can also find some additional details in Two-factor authentication.