Authorizing global approval for access requests

As a system administrator, you can specify the users and roles who are authorized to approve access requests. You can configure the approval workflow globally so that it applies for all resources and accounts, or on a per-resource and account basis, or using a combination of the two. If you use a combination of global-and account-specific approval settings, the account-specific approval settings take precedence over the global approval settings. For example, you might give members of the IT Outsource role global authority to approve login and password checkout requests for all resources and accounts, then identify specific system and account combinations where only members of the IT Supervisors role can approve access requests.