Responding to zone-based role assignment requests

If you are a user or member of a role that has been designated as an approver for zone-based role assignment requests, you can choose to approve or reject the zone-based role assignment requests that you receive.

Approving a zone-based role assignment request

If you are a zone role workflow approver, you will receive email notification whenever a request needing your approval is submitted. You can grant permanent access or temporary access that expires after a specified duration or time frame.

To approve a zone-based role assignment request:

  1. Open an email message from Centrify Zone Role Assignment Management with the subject, “Zone role assignment request.”
  2. Click the View Request link.

    If you are not already signed in to the Privileged Access Service, sign in when prompted.

  3. Review the request details and click Approve.

  4. Choose a duration or time frame for access:

    • To grant permanent access, select Grant Permanent Permission.
    • To grant temporary access for a specified duration, select Grant Temporary Permission and specify the number of minutes, hours, or days before expiration.
    • To grant temporary access for a specified time frame, select Grant Windowed Permission and specify a start time and an end time.

    The default values for windowed permission are provided by the requester in the original request. If multiple approvers are configured, only the first approver to respond can change those values.

  5. Click Submit.

    The requester is notified of approval by email.

Rejecting a zone-based role assignment request

If you are a zone role workflow approver, you will receive email notification whenever a request needing your approval is submitted. If you do not approve of the request you can reject it.

To reject a zone-based role assignment:

  1. Open an email message from Centrify Zone Role Assignment Management with the subject, “Zone role assignment request.”
  2. Click the View Request link.

    If you are not already signed in to the Privileged Access Service, sign in when prompted.

  3. Review the request details and click Reject. The Rejection dialog opens.

  4. In the Rejection dialog, optionally provide a reason for the rejection.

  5. Click Submit.

    The requester is notified of rejection by email.