1. Using Advanced Controls
  2. Make a Role Request

Make a Role Request

To request one or more roles, either for yourself or for another user, complete these steps.

  1. Open the My Access Requests dashboard. In it, click the Request Access button. A Request Access page opens.

  2. Your user name appears by default in a field labeled Who is this request for. Accept this if you want to request one or more roles for yourself.

    Or, to request one or more roles for another user, delete the default entry and search for that user's first name, last name, or user name. To search, begin to enter text. After you type a few characters, the application presents a list of values that include the text you've typed. You can then select one user from that list. (All fields in which you enter values use this search capability.)

    In your search text, a space is treated as one of the characters to be contained in return values. Some examples: "mark " ("mark" with a trailing space) would return "Mark Tayler" and "Mark Webb," but not "Marketing_Mgr"; "mark t" would return "Mark Taylor" but neither "Mark Webb" nor "Marketing_Mgr"; "mark" (no space) would return all three values.

  3. In the field labeled Why is additional access required, enter a justification for your role request. This is a mandatory field.

  4. Click the Add Role button. An Add Role drawer opens. In its Role Name field, search for and select a role you're requesting. You can search on the role's display name or internal name.

  5. Still in the Add Role drawer, optionally add a data request to be defined in the Manage Data Access for Users task of Functional Setup Manager.

    • In the Security Context field, select Asset Book, Business Unit, Data Access Set, Ledger, or Reference Data Set.

    • A Security Value list presents items configured by your organization that are appropriate for the context you selected. Click check boxes for any number of them. Or, click the Select All box. For example, if you select the Business Unit context, you can select any number of your company's business units.

    Together, these selections define data records the user would have access to while using the role you're requesting, for example records associated with any in a set of business units you've specified.

    Note: A data request is optional because some roles, such as data roles, define their own data security. So you wouldn't create data requests for them. For any other role, however, you must create a data request. Otherwise the user for whom the role is requested would be granted the role, but have no access to data.

  6. Click the Add button in the Add Role drawer. The drawer closes, and the Request Access page includes a row that displays the name of the role you've added, the name of the security context you've selected for it, and the number of security values you've selected for that context.

  7. You may want to add roles to your request.

    • You may select a role you've already selected, so that you can create a new data request that uses a distinct security context. However, this isn't a common occurrence; often, only a single context is appropriate for a role. If you make multiple data requests for a role, a request approver may approve or reject each independently of the others. A role approved with multiple data requests provides access to data associated with any of its contexts.

    • You may select a role you haven't already requested.

    In either case, repeat steps 4 through 6. You can request any number of roles. You can also remove a populated role by clicking its Withdraw icon (it looks like a trash can) or edit it by clicking its Edit icon (it looks like a pencil).

  8. Click the Submit button. The focus returns to the My Access Requests dashboard, where the New Requests filter is active by default and a record of your request appears.

For any given user, only one request can exist at a time, although that request can be for any number of roles. This is the case no matter whether the user makes the request or someone else makes it on the user's behalf. If you select a user for whom a request is pending, an error message appears.

One response is to wait until a request approver has accepted or rejected all roles included in the pending request. But if you have access to the pending request, you can withdraw it and replace it with another. (You have access to the request if you made it or if it was made on your behalf.) To withdraw a request:

  1. In the Request Access page, click Cancel to return to the My Access Requests dashboard.

  2. Click the ID for the request you want to withdraw.

  3. In the summary page for that request, the record for each role includes a Withdraw icon. Click the icon for each role. When you have withdrawn all of the roles included in the request, the request itself is withdrawn.