...
On the App menu, navigate to PBAC Assignments > App Rights Assignments.
Click the dropdown arrow on the Assign App Right button and select Assign to Person.
Search for and select the person from the Select Person to Assign Right(s) field.
This opens the “Assign Rights” modal with the person selected to receive one or more app rights.
Click the app right to be assigned from the All panel on the left of the Assign Rights modal. This allows you to view information about the Access Request Policy governing access to the right and enables the “Add” button.
Optionally, to add a time constraint to the assignment, toggle the Set Duration button, click the End Date Time field, and select the appropriate end time date from the calendar.
Click Add.
This moves the app right to the Added panel.
Click Add to Cart.
Click the shopping cart icon and fill in the required Add a Comment and Enter Business Request Name fields.
When ready, click Submit.
You should see a message indicating the status of the cart submission.
Click the status link to view the request status in My Tasks and approve the assignment.
Click Submit to complete the approval process.
You should see that the request is has been approved and completed.
Return to the App Rights Assignments page in Resource Admin. You should see the assignment.
...
When someone with eligibility for the app right requests access to it from the IAM Shop, the request will be routed to the appropriate PBAC approver(s). To test this, do the following:
Go Sign in to the IAM Shop as a user with eligibility eligible for the application.
Search for the application and click Request Access.
Edit Approval Routing for Field Types
In the above example, PBAC Approval was configure to allow the approvers to approve all requests to view the product catalog. If needed, the assignment can be scoped to limit approval to specific field types defined for the product catalog. To implement scopes, do the following:
...
Click the Edit button for the approval right.
...
If you are assigning the approval right to a single person, do the following:
Click Assign to Person.
Enter the name of the person in the Select Person to Assign Right(s) field and click the tile for that person.
If assigning to another assignee type such as a Manageemnt Role, click Assign Right to any Assignee Type and do the following:
...
Choose Type: Enter the assignee type and then click the tile for that type to select it.
...
Right to Grant: Enter the name of the approval right and click the tile for that right to select it.
...
This opens the application drawer.
Select one of the rights configured for the application, then select a Field Type and one or more Field Type Values (if configured for the application). In the image below, we have selected “Edit Product Catalog” as the app right and “Lawn Care” and “Tools” Field Type Values from the “Hardware Products” Field Type.
Click Add to Cart.
Click the cart icon to open the cart. You should see the app right and any Field Type “Scope” Values (if selected).
Fill in the required Comment fields and then click Evaluate Request to check for potential SOD violations.
Once the request has been evaluated, enter a Business Request Name and click Submit.
You should see that the request has been submitted for approval. If Field Type Values were selected and Split By Value Approval was selected for the requested app right, you will see an approval task for each requested Field Type Value.
Click the status link.
This directs you to the My Requests page of My Tasks and opens the Request Detail pane for the request.
Click the Process Steps tab and then click the Show Approvers link. You should the person designated as the PBAC approver.
