Browse · Help archive
Getting Started
Account & Security
Billing & Plans
Organization & Roles
QA-QC
Project Matrix
File Management
Project Members
Access Requests
Project Setup
Attribute Extract
Attribute Import
Scheduled Jobs
Power BI Analytics
Foreman Assistant
Permissions Graph

Draft · This article is being updated. Content may change.

  1. Archive
  2. /
  3. Project Matrix
  4. /
  5. Access Requests

Access Requests

Configure access request forms, public views, auto-detection, and provisioning.

What are access requests?

Access Requests allow external users to request access to an ACC project through a structured form. When a form is linked to a Project Matrix, users select their party, functions, and disciplines from the matrix values, and Foreman resolves those selections into concrete ACC roles.

Linking a form to a matrix

When creating an access request form, you select a matrix configuration from a dropdown that shows all configs for the project (the most recently updated one is marked with a star). Setting the form's role selection mode to Fixed enables matrix-based role selection.

The public form

Access request forms can be shared via a public URL. The public form loads the full matrix config and presents three selectors:

  1. Party (L1) — Single selection: pick one party.
  2. Functions (L2) — Multi-selection: pick one or more functions.
  3. Disciplines (L3) — Multi-selection: pick one or more disciplines.

Overrides are applied: if the selected party has restrictions, only the allowed L2/L3 values appear. "General" is always included as an L2 function regardless of the user's selection.

Role group auto-detection

Values like "All" or "General" that belong to role groups with wildcard flags behave differently on the form:

  • They are hidden from manual selection — the user can't click on them directly.
  • They appear as locked purple pills when the match condition is met:
    • "All" mode — every other selectable value in the group is selected.
    • "Any" mode — at least one selectable value is selected.
  • A purple info panel below the disciplines shows which role groups have been auto-included.

The server independently validates role group auto-inclusion — it does not trust the client's claimed groups. This prevents form tampering. If a user manipulates the form, the server recalculates which groups qualify.

Admin review

When reviewing a request, administrators see:

  • Auto-included role groups shown as locked purple badges.
  • Individually selected roles shown as regular blue badges.
  • The ability to modify the final role list (replace or add roles).
  • An option to grant project administrator access.

Provisioning

After a request is approved, Foreman automatically adds the user to the ACC project with the approved roles. Role group names are valid ACC role names and are resolved to role IDs via the project's CSV, just like individual roles. A notification email is sent to the requester.

Advanced: Auto-approval rules

You can configure auto-approval rules on the access request form that automatically approve requests matching certain criteria — for example, requests from specific email domains or for specific roles. Auto-approved requests are logged with the rule name that triggered them.

See also

← Previous Permissions & Suggestion Engine Next → AI Features
You're offline — some actions may not work.

Connection lost

Attempting to reconnect to Foreman...

Connection lost

Retrying in --s Attempt - of -

Connection interrupted

Retrying in --s Attempt - of -