...
Create seven Person identities and assign each to the Temporary Role in Temporary Location Business Role and Location:
User A
User B
User C
User D
A Manager for both User A and User B
A manager for both User C and User D
A person that can be chosen by the manager of User C as a delegate for approvals that require a response from User C’s manager
A Manager for User C
An Application Role Approver for the group
Assign all seven Person identities to the IT Shop, MY Tasks, and My Identity Self-Service Full Access Management Role. This grants each user the ability to access the IT Shop, My Tasks, and My Identity applications.
Create a generic groupand do the following:
Assign as the Application Role Approver the person you created above for that role
Grant User A and User B the Eligible eligibility type to the group as a resource
Grant User C the PreApproved eligibility type to the group as a resource
Create two Approval Steps
The first with an Approval Resolver Rule that creates an approval task for the manager of the person initiating a business request
The second with an Approver Resolver Rule that creates an approval task for the resource owner
Create an Approval Flow Policy and add both of the above Approval Steps to the policy. Be sure the precedence for the steps is correct.
Create an Access Request Policy and add the Approval Flow Policy to it.
Configure the Item Type Action for adding someone to a group with the Access Request and Approval Flow policies created above. The name of the Item Type Action for this is ADDPersonApplicationRoleResourceRole.
...