Provisioning request definitions are directory objects that encapsulate the business rules for granting or revoking a corporate resource or role, and binding the corporate resource or role to a workflow. Provisioning request definitions can also be used to launch attestation workflows. They are used in the User Application to support:
Resource requests on the Requests & Approvals tab
Resource requests allow users to request access to resources such as accounts, applications, servers, and so forth. Novell provides a read-only resource-oriented provisioning request definition named Resource Approval.
For information about customizing the existing definition or writing your own resource based provisioning request definitions, see Guidelines for Creating Resource Based Workflows.
Role assignment requests on the Roles tab.
Role assignment requests allow users to request roles that grant them permissions to resources and not to the resources themselves. Novell provides these two read-only role-oriented provisioning request definitions:
Role Approval: Manages role requests.
SoD Conflict Approval: Manages role requests that result in Separation of Duties (SoD) conflict overrides.
For information about customizing the existing definitions or writing your own roles based provisioning request definitions, see Guidelines for Creating Roles Based Workflows.
Attestation process requests on the Compliance tab.
Attestation process requests are used by Compliance Administrators and Attestation Officers to submit requests for attestation workflows. These workflows allow users to verify their own user profile information, to allow authorized users to verify the violations and exceptions to SoD constraints, or to verify role and user assignments.
Designer provides these two attestation type provisioning request definitions:
Attestation Report: Manages the attestation process that allows users to verify the violations and exceptions for a set of SoD constraints.
Attestation User Profile: Manages the attestation process that allows users to confirm that their user profiles contain accurate information.
Attestation type provisioning request definitions are not editable within Designer. You cannot define or use custom provisioning request definitions for attestation, and they are not visible on the Requests & Approval tab.
You use Designer to define the trustees for the attestation process requests, to deploy the provisioning request definitions, and to localize the text users see during the approval process. For information on localizing attestation provisioning request definition text, see Localizing Provisioning Objects.