Control over recovery actions in a hosted environment may be provided. Hosted computed environments, such as datacenters, rely on automation to provide high level of service availability and customer data security. However, in some cases manual actions by designated support users are required to restore service availability. Often the user is required to execute a sequence of related commands to resolve the issue. It is important to protect hosted service environment from possible errors in manual user actions or intentional misconduct. Conventional solutions require setting up a granular permission model in the hosted environment wherein support users are delegated with a minimal set of permissions to perform their routine tasks. In the event they need to execute a command that can potentially compromise service availability or customer data security, they have to follow a designated approval process, where commands to be executed must be submitted to high privilege expert decision makers (approvers).