Access Request do not require wait for verification

When using access request, if a user has an account or permission assignment and either a review or a request is made to revoke the access.  That access goes through fulfillment and goes into the "awaiting verification" state.  We have some applications that are using CSV exports and are not regularly updated.  So, what is happening is we have a batch of revocations from a user access review, then right after the manual fulfillment is completed, the users start escalating that they no longer have access.  The problem is that in the IG Access Request interface, the particular permission is not available in the list until we do a collection / publication on that application (keep in mind this is a manual extract from the application to import into IG).

Is there a way that we can enable requesting access even if it is awaiting verification in the fulfillment status?

  • 0

    This is a kind of interesting business case. The main question I would have is "What business policy should apply in this matter? The review process or user's need of access?" I don't think that a technical solution to allow users requesting resources that still are bound to other processes running would make the life easier. If the user get access before the revoke fulfillment is verified the fulfillment would be considered  as "not fulfilled" I guess. And that would be the case as well if a manual intervention was made to restore the access before the fulfillment is verified.

    I would think that the current review process is not the right task to be applied and would consider moving that resource into some business role that isn't part of the review process. Or address the question, how do we apply fast moving need of access to slowly moving lifecycle events on applications if a business role is not the right answer?