Figure 23-1 Access Request Process
The Access Request capability allows administrators, application owners, supervisors, and other users to perform various tasks based on their authorizations. The Identity Governance users can perform the following tasks based on their runtime authorizations and the request and approval policies:
Review their current access or the access for other users
Review access that is recommended for them based on business role policies
Search or browse and request application access that is available to request
Search or browse and request technical roles to request a group of permissions in a single step
Search or browse and request business role membership
Specify effective (future start) and expiration (future end) dates for requests
Retract access request
Retry failed request after fixing the cause of the error
Compare access of multiple users when authorized by request policy
Specify workflow as approver
Edit or create custom workflow for approval
Approve requests when assigned as an approver in approval policy
Approve or resolve potential SoD violations when assigned as an approver in SoD violation policy
View a list of current access requests, status of each request, and a timeline of all related events including fulfillment and reassignment details
View a list of completed requests and approvals
In addition to the above tasks, users with Access Request Administration authorization can:
Create, edit, preview changes, compare to draft, simulate workflow, and publish customized request and approval forms for permissions and applications
Configure default request policy and create additional request policies to specify who can request what
Create approval policies to specify requests that need approval or that enable requests to be pre-approved or automatically routed for approval