Content: <br /> <br />• A requester -- be it the user himself in a self-service request or the user's manager -- may not know exactly what roles, groups or attributes are needed to grant a recipient some required privileges. <br />• However, requesters often know someone else who already has the required privileges. A model-after user interface allows a requester to compare the profile attributes and entitlements of the recipient with a model user and request just those items whose descriptions appear relevant to the task at hand. <br /> <br />Key concepts: <br /> <br />• A requester can assign a subset of a model user's rights to a recipient. <br />• Access controls limit what recipients and model user a given requester can access. <br />• Requests formulated in this way are user friendly -- the requester already knows who has the required entitlements, just not what they are called. <br />• Selecting just key entitlements eliminates the problem of propagating rights from one over-provisioned user to another. <br /> <br />See more at: https://hitachi-id.com/identity-manager/overview/access-requests.html
