1. Using Advanced Controls
  2. Assign Reviewers and Approve Role Requests

Assign Reviewers and Approve Role Requests

Every role request must be accepted or rejected by a request approver, even if it hasn't generated control violations. Review is optional, but if the request is to be reviewed, the request approver selects the reviewer. The two processes are similar (and both are similar to the review process).

  1. Open the Access Request Approvals dashboard and click the ID for a request you want to work with.

    • If you select among records at the New Requests status, you can assign a reviewer, or accept or reject the request without subjecting it to review.

    • If you select among records at the Pending Approval status, you'll make an approval decision on a request that's already been reviewed.

    In either case, you can't approve a request you've made for yourself or on behalf of another user.

  2. In the summary record of the request, click the name of each role you're considering for approval, to open its details drawer. Go over information about the request.

    • If it's been reviewed, the reviewer's accept-or-decline recommendation and the justification for that recommendation appear in the work history available in the Approvals tab.

    • Regardless of whether a review has occurred, click tabs to see the data request associated with the role and the user to whom the role is to be assigned. Also, if access controls were active when the request was made, go over the controls that have been violated and the conflicting roles those controls have identified.

    You may work with multiple assignments of a single role to a single user, each with its own security context. If so, then even though they're related, you can approve or reject each of them independently of one another. If you approve a role with multiple data requests, it provides access to data records associated with security values for any of the security contexts.

  3. Close the details drawer for the role you're considering for approval. In the summary record, take an action:

    • A request may be for one role. Or it may be for multiple roles, but you want to act on them individually to make differing judgments. If you've selected a request at the New Requests status, you have three options for each role: Approve, Reject, and Assign. If you've selected a request at the Pending Approval status, you have only the Approve and Reject options. You select among these options slightly differently.

      When you have three options, the role record includes a More Actions menu, which looks like an ellipsis. Click it to select among the three options. When you can only approve or reject, icons representing those two options appear in the role record.

      In any case, select the option you want, and a drawer opens. If you're assigning a reviewer, accept the default (the user's manager) or search for and select the name of another person. Add comments for the reviewer to consider, and click the Assign button. If you're approving or rejecting the role request, write a justification for your decision and click the Approve or Reject button. No matter which action you're completing, the comments to a reviewer or the approval-decision justification is mandatory.

    • If the request is for multiple roles, you may choose to assign a reviewer for, approve, or reject all of them at once. Expand the Actions menu and select among its Approve All, Reject All, and Assign All options. This opens the same Approve, Reject, or Assign drawer, which you'd complete in the same way. But, of course, your decision would apply to all the requested roles.

  4. Depending on the action you've taken, you can click the Pending Review, Approved, or Rejected filter to review your work. Or, for a multiple-role request, click the New Role Requests or Pending Approval filter to list roles you've yet to act on.