21.1 Understanding Access Request

Figure 21-1 Access Request Process

The Access Request capability allows administrators, application owners, supervisors, and other users to perform various tasks based on their authorizations. The Identity Governance users can perform the following tasks based on their runtime authorizations and the request and approval policies:

  • Review their current access or the access for other users

  • Review access that is recommended for them based on business role policies

  • Browse and request application access that is available to request

  • Browse and request technical roles to request a group of permissions in a single step

  • Retract access request

  • Retry failed request after fixing the cause of the error

  • Compare access of multiple users when authorized by request policy

  • Approve requests when assigned as an approver in approval policy

  • Approve or resolve potential SoD violations when assigned as an approver in SoD violation policy

  • View a list of current access requests, status of each request, and a timeline of all related events including fulfillment

  • View a list of completed requests and approvals

In addition to the above tasks, users with Access Request Administration authorization can:

  • Create, edit, preview changes, compare to draft, simulate workflow, and publish customized request and approval forms for permissions and applications.

  • Create approval policies to specify requests that need approval or that enable requests to be pre-approved or automatically routed for approval. For example, administrators can make access to an application available for anyone in your organization to request. Upon request, the access might be automatically granted based on the requester’s business role membership or routed to another person for approval, such as the requester’s supervisor or the application owner.