Show TOC

Function documentationApprovers Locate this document in the navigation structure

 

Approvers can approve system access requests and many other kinds of requests.

Approvers use the My Work tab and the Informer tab to do their work.

In My Work Approvers navigate to:

  • Requests for Approval

  • Create Request

  • Search Requests

  • Requests on Hold

  • Approver Delegation

  • Copy Request

  • Request Audit Trail

  • Role Reaffirm

In the Informer tab, Approvers navigate to   Analysis View   Analytical Reports   to select and view reports screens; and, they navigate to Chart View to see the reports in chart format.

Approvers are managers or other staff such as role owners, business process owners, site approvers, or IT security members.

Each company decides which of its employees approves system access requests. Each company also decides the approval path workflow through which each access request must pass. Typically, system administrators configure approval workflow paths based on the company’s risk management strategy.

The number of approval stages in your workflow depends on your organizational hierarchy and processes. A basic workflow scenario might include three stages involving three approvers as described in the table below.

Approver

Typical Approval Responsibilities

Manager

Manager approvers (typically the requestor’s own manager) can review, approve, or reject the access request at their workflow stage during the approval process.

Role Approver

Role approvers can approve or reject an entire request or just certain roles on the request. You can configure the system so that role approvers can put a request on hold or add roles to a request. Alternatively, you can configure the system such that role approvers can only approve or reject roles that they own.

Security

Security approvers are typically the last approvers in an access approval workflow. They can grant access to the requested target system. You can eliminate the security approver stage if auto-provisioning is configured.

During the configuration and planning phases of an installation, system administrators assign responsibilities and privileges to each approver at each workflow stage. These assignments can vary by system and by company. Three critical configuration options are role selection, risk analysis, and mitigation. These facets of access control appear in subsequent sections of the documentation.