EmpowerID utilizes various policies to manage user requests for resource access. These policies verify if approval is necessary before the system carries out the requests. The policies involved are:
Access Request Policies: These govern the control of access requests.
Approval Flow Policies: These determine who has the authority to approve or reject access requests.
Notification Policies: These identify who should receive notifications for access requests at different stages of the approval process.
Within this structure, Access Request policies incorporate Approval Flow policies, which define who can grant or refuse access to resources. Further, Approval Flow policies can include Approval Steps, providing a sequential order of approvers. Working alongside these, Notification policies trigger approval alerts when users raise access requests.
EmpowerID comes with pre-set Access, Approval Flow, and Notification policies, creating approval tasks and notifying all involved parties via email. These cater to those with the necessary Role-Based Access Control (RBAC) delegations to approve access requests. However, for finer control, you can override this default mechanism by tailoring these policies to target specific personnel.
The following topics guide you through a scenario where we create policies to navigate a request for group membership. Initially, the request goes to the manager of the request initiator for approval, followed by the group's owner for final approval. In this scenario, if any of the approvers reject the request, the system denies group membership.