Configure a protected resource as directed in the Access Manager documentation.

The following steps are example policies that allow access if users meet the criteria, request access if certain criteria are met or, deny access if users do not meet criteria and should not be given the opportunity to request access.

Create a Permit rule similar to the one in the following example, based upon criteria for the user to be granted access to the resources.

Verify that the priority for this rule is the lowest number (in this example, it is 1).

Create a Deny rule similar to the one in the following example, based upon criteria for the user to not have access to this resource and to be denied.

Verify that the priority of this rule is the next highest number (in this example, it is 5). The message text of this policy should state why the user has been denied access, for example:

Create a Deny policy similar to the one in the following example, based upon criteria that display a message to users explaining why they have been denied access, and providing a link to request access to the resource.

Set the priority of this policy to the next highest number (in this example, it is 10). The message text of this policy should state why the user has been denied and how to gain access.

The content of the Message Text field looks like the following in HTML:

Sorry, because you are not yet a member of the Vendor Payment role you do not have permission to access this application. 
<BR><BR>
You may request access to the Vendor Payment system by clicking the link below. Once your request has been submitted and processed you will be notified and upon approval granted access.
<BR><BR>
<A HREF="http://ipaddress:port/IDM/portal/cn/DefaultContainerPage/Workflow_Request">
Click here to request access to the Vendor Payment System</A>
<BR>

Replace http://ipaddress:port/IDM/portal/cn/DefaultContainerPage/Workflow_Request with the URL created in the previous section.