What does the 'drone build approve' command do?

Don’t know what drone approve command do at all, there is no much information about this. The documentation just say that approves a build but, what is the difference between an approved build and an declined build?
I think is for prevent the build to be deployed, but are all the builds approved by default and if you don’t want to be deployed you must decline it or what?
How this is supposed to work?

If a repo is marked as “protected” in settings, then, if a pull request modifies the .drone.yml file and is not from a drone admin (correct me if I’m wrong @bradrydzewski ), Drone will hold the build for approval by an admin, using the GUI or that command. This is for security reasons, so people can’t modify the .drone.yml and execute arbitrary code on your public Drone server.

Thank you @markspolakovs that makes sense.