Process Overview - Approver
...
POV
Table of Contents minLevel 2
📝 Note: Access requests, including PAM (Privileged Access Management), provide elevated permissions and must be approved only for valid business or emergency needs.
Approvers are responsible for validating the reason, scope of work, and expected activities.
Requests with insufficient or incomplete information must be rejected.
Step 1: Receive Approval Notification
Approver will receive an email from IAG indicating a pending access request.
Step 2: Login to IAG
- Click the link in the email or open the IAG portal, https://syw-iag-dev-eu10.sapciag-ee.cfapps.eu10.hana.ondemand.com/cp.portal/site#Shell-home
Step 3: Open Access Request Inbox
Click Access Request Inbox.
Pending approval work items assigned to you will be displayed.
Step 4: Review Request Details
Select the request to review.
Verify the following information:
Requestor Name
Requested User
Role Requested
Reason / Justification / Scope of Work
- Duration of access requirement
...
SAP Ariba PAM Roles
Ariba Template Manager – Creates and maintains sourcing templates.
Ariba User Admin – Monitors correct user provisioning from IAG to Ariba.
Ariba Master Data Manager – Reviews integration of master data into Ariba.
Ariba System Admin – Super user for exceptional tasks or defect fixes.Icertis PAM Roles
IT Icertis Master Data Admin – Manages master data only; no system/workflow access.
IT Icertis User Management Admin – Administers users, groups, orgs, and technical role assignments; no transactional data access.
IT Icertis Admin Extended – Same as Support + access to transactional data (excluding confidential contracts).
IT Icertis Config Admin – Full system configuration control; no access to contracts or transactional data; technical roles assigned via User Management Admin.
Step 6: Validate Request
Confirm the request is for a valid, active user.
Ensure the request aligns with requester's role ownership responsibilities and understand for any impacts of changes in the production system for the access requested.
- Based on validation, approve or reject the request with appropriate comments. The corresponding access decision will be communicated to the user via email notification.
