The request access feature requires that before users can see the information on a secret that they must request access to a secret from the approval group. The approval group can deny, or approve the request as well set the date range the user has access. Audit trail will exist for each request/approval and emails will be sent for the request and response.
Setup for Requiring User Request Access:
- For the secret that you would like to require the user request access, go to the secret view screen, and select the Security tab
- On the Security tab, click Edit and turn on the "Enable Requires Approval for Access" setting. (Note: This requires Share permission on the secret)
- Once enabled, you will need to select the users and groups for the Approval Group.
- Save the security settings
- Ensure the users who will need to request access have View permission for that secret by going to the view screen and clicking Share button (Note: this requires you be an owner of the secret with Share permission)
- Since the users have view permission they can search and find the secret but will be required to request access before viewing the information
- Users in the Approval group and users with (owner) Share permission do not have to request access for the secret
- Also ensure the STMP server and From email have been configured in the Administration, Configuration screen so emails can be sent
Typical Workflow of Request Access
- User clicks on a secret with request access that takes them to the Request Access page
- The Request User enters a reason for the request and submits the request
- Every user in the Approval Group gets an email detailing this user has requested access to this secret
- The approver clicks the link in the email (or goes to Tools, Manage Secret Access Requests) and is taken to the request approver page
- The Approver enters a comment and approves the request for a set date range
- The Request User receives an email about being granted access to the secret
- The Request User can now access the secret and view the information
FAQ:
As an approver is there a place to view all my pending requests?
Yes, for all users assigned to an approval group, they can access their request under the Tools, Manage Secret Access Requests link. Here the approver can sort by status (Approved, Denied, and Pending). The request can be approved or denied by clicking the status (a hyperlink to the Approver page) in the grid.
My request access has expired (or been denied), how can I get access?
The request user can send another request that will be marked as pending an require it going through the workflow steps. A new request can be sent at any time an will override the active request.
Where can I view the audit for the Requests?
Audit records for requests, and approvals can be found in the Secret Audit. This found under the View Audit button on the Secret View page.
I have enabled the Request Access feature on a secret but my users cannot find it?
The most likely cause is the users do not have view permission to the secret. Giving them view permission will allow them to search and locate the secret but they will have to request access to view the information.
Can I approve a request indefinitely?
The way to do this would be set the Expiration date far ahead in the future.
Why can't I deny a request and set an expiration date?
Denying a request is the same as if the user did not have access in the first place, so no expiration date is needed. If the denial did expire it would have the same result where the user cannot view the secret information.
Does request access work with webservices or the IPhone app?
No, since these secret require sending a request from the UI, webservices cannot view a secret that requires request access.
Article ID: 59, Created On: 10/12/2009, Modified: 10/12/2009