Modify Security for Advanced Access Requests

Advanced Access Requests implements a self-service workflow for requesting and assigning ERP roles. For a majority of users to make requests, you need to edit and assign a custom job role.

A user assigned a predefined job role called Access Request Security Administrator (ORA_GTG_ACCESS_REQUEST_SECURITY_ADMINISTRATOR_JOB) has full rights to request roles and to review or approve role requests. However, very few users would be request approvers.

On the other hand, virtually any user might request a role, or be selected to review a role request. A duty role called Access Provisioning Requests and Review (ORA_GTG_ ACCESS_PROVISIONING_REQUESTS_AND_REVIEW_DUTY) enables such users to make and review requests. By default this role isn't included in any assignable role; it's up to you to decide what roles to add it to. The recommendation is, add it to a custom job role that's based on a role meant to be assigned widely, such as Employee (ORA_PER_EMPLOYEE_ABSTRACT).

In addition, a privilege called View Access Requests (GTG_VIEW_ACCESS_REQUESTS_PRIV) provides view-only rights to the Access Request Approvals work area. Add it to a custom job role assigned to your auditors.