1. Using Advanced Controls
  2. Who Can Do What

Who Can Do What

Among the Risk Management work areas available in the springboard, three apply to Advanced Access Requests. Users' access to them depends on the Advanced Access Requests roles they're assigned.

The three work areas include:

  • My Access Requests. In it, users request roles and manage their requests.
  • Access Request Reviews. In it, users complete reviews of role requests.
  • Access Request Approvals. In it, request approvers select reviewers, approve or reject role requests, or remove currently assigned roles.

A user assigned a job role called Access Request Security Administrator (ORA_GTG_ACCESS_REQUEST_SECURITY_ADMINISTRATOR_JOB) has full rights to use all three of these work areas. A user with this role can serve as a request approver.

While relatively few users would be request approvers, virtually any user might have reason to request a role or might be selected to review a request. A duty role called Access Provisioning Requests and Review (ORA_GTG_ACCESS_PROVISIONING_REQUESTS_AND_REVIEW_DUTY) enables such users to work in the My Access Requests and Access Request Reviews work areas. By default this role isn't included in any assignable role; it's up to you to decide what roles to add it to. The recommendation is, add it to a custom job role that's based on a role meant to be assigned widely, such as Employee (ORA_PER_EMPLOYEE_ABSTRACT).

Finally, a privilege called View Access Requests (GTG_VIEW_ACCESS_REQUESTS_PRIV) provides view-only rights to the Access Request Approvals work area. Add it to a custom job role assigned to your auditors.