This solution requires Identity Manager, the Identity Manager Roles Based Provisioning Module, and Access Manager.
When users attempt to access a protected resource to which they have not been granted rights, Access Manager denies access. In some cases, a user might not be authorized to access the resource; in other cases, the user might be entitled to access the resource, because of their job, but the user has not been granted the rights required to gain access.
In either case, the most efficient method of handling the access denied message is to check the user’s credentials to validate if he or she should be attempting to access the resource. If not, Access Manager can deny the request. However, if the user does have the credentials to allow access but has not been granted the appropriate approvals, you can implement a workflow process to enable the user to request access.
The following sections outline the sample configuration steps necessary to implement this scenario.