1. Using Advanced Controls
  2. Assign Reviewers and Approve Role Requests

Assign Reviewers and Approve Role Requests

Every role request must be accepted or rejected by a request approver, even if it hasn't generated control violations. Review is optional, but if the request is to be reviewed, the request approver assigns the reviewer. The two processes are similar (and both are similar to the review process).

For a given user, you may be considering whether to approve or assign a single role with a single security context; multiple assignments of a single role, each with its own security context; or multiple roles. When a request requires multiple judgments, you can make them collectively or individually. (In particular, although requests for a single role with multiple security contexts may be related, you can approve, reject, or assign them to reviewers independently of one another.)

  1. Open the Access Request Approvals dashboard and click the ID for a request you want to work with.

    • If you select among records at the New Requests status, you can assign a reviewer, or accept or reject the request without subjecting it to review.

    • If you select among records at the Pending Approval status, you'll make an approval decision on a request that's already been reviewed.

    In either case, you can't approve a request you've made for yourself or on behalf of another user.

  2. In the summary record of the request, click the name of each role you're considering for approval to open its details drawer. Go over information about the request.

    • If it's been reviewed, the reviewer's accept-or-decline recommendation and the justification for that recommendation appear in the work history available in the Approvals tab.

    • Regardless of whether a review has occurred, click tabs to see the data-permission request associated with the role and the user to whom the role is to be assigned. Also, if access controls were active when the request was made, go over the controls that have been violated and the conflicting roles those controls have identified.

    When you finish, close the details drawer for the request you're considering for approval.

  3. A requested role may contain privileges that grant access to Procurement functionality. If so, a user must have both the privilege and a corresponding action as a procurement agent for a business user.

    In this case, a Procurement Agent Action field appears in the summary record. Click its Edit link to open a drawer. You can review procurement-agent actions selected automatically by the application, and you can edit them. When you finish, close the drawer.

  4. In the summary record, approve or reject requests, or assign them to reviewers:

    • A request may consist of a single record (one role with one security context) or multiple records that you want to consider individually. If you've selected a request at the New Requests status, you have three options for each role: Approve, Reject, and Assign. If you've selected a request at the Pending Approval status, you have only the Approve and Reject options. You select among these options slightly differently.

      When you have three options, the request record includes a More Actions menu, which looks like an ellipsis. Click it to select among the three options. When you can only approve or reject, icons representing those two options appear in the request record.

      In any case, select the option you want, and a drawer opens. If you're assigning a reviewer, accept the default (the user's manager) or search for and select the name of another person. Add comments for the reviewer to consider, and click the Assign button. If you're approving or rejecting the role request, write a justification for your decision and click the Approve or Reject button. No matter which action you're completing, the comments to a reviewer or the approval-decision justification is mandatory.

    • If the request consists of multiple records, you may choose to assign a reviewer for, approve, or reject all of them at once. Expand the Actions menu and select among its Approve All, Reject All, and Assign All options. This opens the same Approve, Reject, or Assign drawer, which you'd complete in the same way. But, of course, your decision would apply to all the requested roles.

  5. Depending on the action you've taken, you can click the Pending Review, Approved, or Rejected filter to review your work. Or, for a multiple-role request, click the New Role Requests or Pending Approval filter to list roles you've yet to act on.