Access Requests

An access request is how team members and clients ask for permission to use a platform resource in AccessHive. Every request goes through an approval workflow before access is granted, giving your agency a clear record of who asked for what, why, and when it expires.

How access requests work

When someone needs access to a platform, they submit a request describing what they need and why. The system evaluates the risk level, routes the request to the right approver, and – once approved – automatically sets up the access on the target platform.

stateDiagram-v2 [*] --> Pending: Request submitted Pending --> Approved: Approver accepts Pending --> Denied: Approver declines Pending --> Expired: No response in time Approved --> Provisioning: System sets up access Provisioning --> Completed: Access is live Provisioning --> Failed: Setup error Failed --> Provisioning: Retry Completed --> [*] Denied --> [*] Expired --> [*]

A request moves through these stages:

  1. Pending – The request is waiting for an approver to review it.
  2. Approved – An approver accepted the request. The system begins setting up access.
  3. Provisioning – The system is creating or activating the access on the target platform.
  4. Completed – Access is live and the requester is notified.
  5. Denied – The approver declined the request. The requester sees the reason.
  6. Expired – No one responded before the approval window closed.
  7. Failed – Something went wrong during setup. An admin can retry from the request detail page.

What goes into a request

Each access request captures the information approvers need to make a decision:

Field What it means
Requester The person asking for access (a team member or client user)
Client Which client account the access is for
Platform The target platform (for example, Google Ads or Meta)
Access items The specific roles or permissions being requested
Justification A business reason explaining why this access is needed
Duration How long the access should last
Risk level A rating the system assigns based on the sensitivity of the requested permissions

Approval flow

The approval process has five stages:

  1. Submit the request – The requester selects the access items they need and provides a justification. The system sends a notification to the designated approvers.
  2. Risk assessment – The system classifies the request as low, medium, high, or critical based on the sensitivity of the requested permissions.
  3. Approver review – The approver can approve, deny, or ask for more information.
  4. Automatic setup – If approved, the system provisions the access on the target platform without manual intervention.
  5. Access confirmed – The requester receives a notification and can start using their new access.

Approval policies

Your agency can configure approval rules to match your security requirements. Policies can be based on:

  • Risk level – Low-risk requests can be auto-approved, while high or critical requests require senior approvers or multiple sign-offs.
  • Platform – Certain platforms can require specialized approvers who understand that platform’s permission model.
  • Access item sensitivity – Individual access items can override the default approval rules.
  • Client-specific rules – Per-client policies that apply to all requests for that client.
  • Time-of-day restrictions – Limit when certain types of access can be approved or set up.
Use auto-approval for low-risk requests

Auto-approval is available for low-risk requests when enabled in your governance settings. This speeds up routine access without weakening oversight for sensitive permissions.

Time-bound access

All access granted through requests is time-limited to follow least-privilege principles:

  • Default expiration – Every request has a maximum duration, configured in your agency settings.
  • Automatic revocation – When the expiration date arrives, the system revokes access automatically.
  • Renewal requests – Requesters can submit a renewal before their current access expires.
  • Extension requests – Active access can be extended with a new justification and approval.
  • Auto-renewal – For trusted, low-risk access items, auto-renewal reduces the administrative overhead of repeated approvals.
Expiring access alerts

The dashboard highlights access items that are about to expire. Both the agency admin and the affected user receive notifications ahead of time, giving everyone a chance to request an extension.

Types of access requests

Request type When to use it What happens after approval
New access A user needs access they have never had before The system provisions the access on the platform
Renewal Existing access is about to expire The system extends the expiration date
Extension A user needs more time on active access A new justification and approval are required, then the expiration is pushed out
Choosing between renewal and extension

Use renewal when you know in advance that access will be needed beyond the original period. Use extension when an unexpected need arises and the current access is still active.

  • Submit and manage requests step by step – See the Access Requests guide.
  • Understand approval policies and compliance – See Governance.
  • Configure Privileged Access Management (PAM) sessions – See PAM Sessions.
  • Review who accessed what and when – See Audit Trail.