The method for giving Identity Governance users the ability to request and approve access varies. It requires administrators to configure request and approval forms and policies, and optionally, business roles and technical roles. Find next an overview of the various Access Request activities, configuration methods, and required authorizations.
|
Access Request Activity |
Configuration Method |
Configured By |
|---|---|---|
|
Search |
Configure the Default Access Request Policy, or create an access request policy and add items to the policy. |
Customer, Global, or Request Administrator |
|
Add items to Browse list |
Configure the Default Access Request Policy, or create an access request policy and add items to the policy. |
Customer, Global, or Request Administrator |
|
Add items to Recommended items list |
Add business roles to a request policy. Note that the Business Role Administrator must have defined business roles for you to add the roles to the Access Request policy. |
Customer, Global, or Request Administrator |
|
Specify approval rules for request Items |
Set up your approval steps in the approval policy and assign permissions, applications, or roles (technical roles) to that policy either while editing the policy definition or in the catalog using the bulk select menu. |
Customer, Global, or Request Administrator |
|
Specify coverage map for request approvals |
Create coverage map using Policy > Coverage Maps menu, and then specify approvers in a request approval policy as coverage map. |
Customer, Global, or Request Administrator |
|
Specify Workflow for request approvals |
Select a workflow as approver in the approval policy. |
Customer, Global, or Request Administrator |
|
Edit or create workflows |
After assigning applications and permissions to a approval policy that has workflow as a approver, launch Workflow editor from the associated application or permission Custom Forms tab in the catalog. |
Customer, Global, or Request Administrator who is also assigned as the Workflow Administrator |
|
Configure request item text or icons |
Edit the permission or application in the catalog. |
Customer, Global, or Data Administrator |
|
Create, edit, download, or import custom request and approval form |
Create, edit, download, or import the permission or application in the catalog. |
Customer, Global, or Request Administrator, or Application Owner |
|
Create, edit, download, or import default application or permission custom request and approval form |
Create, edit, download, or import the default permission or application forms in the Access Request Policies area. |
Customer, Global, or Request Administrator, or Application Owner |
|
Manage how requests are fulfilled |
Identity Governance Fulfillment > Configuration. |
Customer, Global, or Fulfillment Administrator |
|
Manage who can request on behalf of others |
Specify requesters in the Access Request Policy. |
Customer, Global, or Request Administrator |
|
Manage email notifications for request approvals |
Specify notifications frequency and additional recipients in the approval step of the appropriate Access Request Approval Policy |
Customer, Global, or Request Administrator |
|
Allow requesting collections of authorizations |
Assign technical roles to a Access Request Policy or add business roles that include technical roles as requesters in the policy. |
Customer, Global, or Request Administrator |
|
Control approval decision support information |
Similarity profile settings in Identity Governance Configuration > Role Mining and Analytics Settings. |
Customer, Global, or Request Administrator |