22.1 Understanding Access Request

Figure 22-1 Access Request Process

The Access Request capability allows administrators, application owners, supervisors, and other users to perform various tasks based on their authorizations. The Identity Governance users can perform the following tasks based on their runtime authorizations and the request and approval policies:

  • Review their current access or the access for other users

  • Review access that is recommended for them based on business role policies

  • Search or browse and request application access that is available to request

  • Search or browse and request technical roles to request a group of permissions in a single step

  • Search or browse and request business role membership

  • Specify effective (future start) and expiration (future end) dates for requests

  • Retract access request

  • Retry failed request after fixing the cause of the error

  • Compare access of multiple users when authorized by request policy

  • Specify workflow as approver

  • Edit or create custom workflow for approval

  • Approve requests when assigned as an approver in approval policy

  • Approve or resolve potential SoD violations when assigned as an approver in SoD violation policy

  • View a list of current access requests, status of each request, and a timeline of all related events including fulfillment and reassignment details

  • View a list of completed requests and approvals

In addition to the above tasks, users with Access Request Administration authorization can:

  • Create, edit, preview changes, compare to draft, simulate workflow, and publish customized request and approval forms for permissions and applications

  • Configure default request policy and create additional request policies to specify who can request what

  • Create approval policies to specify requests that need approval or that enable requests to be pre-approved or automatically routed for approval