---
title: Troubleshooting access requests
description: This section provides troubleshooting tips for common access request issues. More tips will be added here as they become available.
component: pingoneaic
page_id: pingoneaic:identity-governance:administration/troubleshooting-access-requests
canonical_url: https://docs.pingidentity.com/pingoneaic/identity-governance/administration/troubleshooting-access-requests.html
section_ids:
  assign-access-request-privs-to-identities: Assign access privileges to identities
---

# Troubleshooting access requests

This section provides troubleshooting tips for common access request issues. More tips will be added here as they become available.

## Assign access privileges to identities

Identity Governance requires end users to have permissions through an internal role to access an identity. For example, if an end user submits a role access request but lacks the required privileges, the role owner attribute displays a universally unique identifier (UUID) instead of the role owner's name. This occurs because the end user doesn't have read access to the identity. The solution is to create an internal role with read privileges on the identity and assign that internal role to the end user.

![An example of Identity Governance displaying a UUID instead of the role owner's name, because the end user doesn't have the required privileges to view the role owner's information.](../_images/iga_ss1.png)

To create an internal role and assign it to the end user:

1. In the Advanced Identity Cloud admin console, select Identities > Manage > Internal Roles.

2. Click New Internal Role.

   1. In the New Internal role modal, enter the following and click Next:

      * **Name**: Enter a name for the internal role.

      * **Description (optional)**: Add a description for the internal role.

   2. In the Internal role Permissions modal, select Alpha realm - Users managed/alpha\_user and click Next.

   3. In the Dynamic Internal role Assignment modal, click Next.

   4. In the Time Constraint modal, click Save.

   5. On your internal role page, select Privileges > Add Privileges.

   6. In the Add Privileges modal, select Alpha realm - Users managed/alpha\_user and click Add.

   7. Click Show advanced.

   8. In the Attribute Permissions section, select set all attributes, and then select None so that every attribute's permission is set to `None`.

   9. Click Read for the following attributes:

      * userName

      * givenName

      * sn

      **Note:** If you are granting privileges for the `Alpha Realm - Roles` or `Alpha Realm - Organizations` identity, set `Read` access for the `name` attribute instead of the `userName`, `givenName`, and `sn` attributes.

   10. Click Save.

3. On the internal role page, select Members > Add Members.

   1. In the Add Members modal, select the end user and click Save.

4. When the end user enters an access request for a role, they see the role owner information:

   ![An example of Identity Governance displaying the role owner's name, because the end user has the required privileges to view the role owner's information.](../_images/iga_ss2.png)
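
To confirm that a role built with the procedure above grants only the intended read access, the following script audits a role definition against those attribute permissions. It is an added example written for this page, not Ping Identity code. The JSON shape (`path`, `permissions`, `accessFlags` with `readOnly`), the `VIEW` permission name, and the `managed/alpha_role` and `managed/alpha_organization` paths are assumptions; only `managed/alpha_user` appears on this page.

```python
# Constructed audit helper, not Ping Identity code. ASSUMPTION: the role is
# available as JSON where each privilege has "path", "permissions" and
# "accessFlags" ({"attribute", "readOnly"}); attributes not listed mean None.

# Read-only attributes this procedure grants, per managed object path.
# Only managed/alpha_user is on the page; the other two paths are assumed.
ALLOWED_READ = {
    "managed/alpha_user": {"userName", "givenName", "sn"},
    "managed/alpha_role": {"name"},
    "managed/alpha_organization": {"name"},
}

def audit_role(role):
    """Return sorted findings; an empty list means the role matches the procedure."""
    findings = []
    for priv in role.get("privileges", []):
        path = priv.get("path", "")
        allowed = ALLOWED_READ.get(path)
        if allowed is None:
            findings.append(f"{path}: path not covered by this procedure")
            continue
        extra_perms = set(priv.get("permissions", [])) - {"VIEW"}
        if extra_perms:
            findings.append(f"{path}: permissions beyond VIEW: {sorted(extra_perms)}")
        granted = set()
        for flag in priv.get("accessFlags", []):
            attr = flag.get("attribute")
            granted.add(attr)
            if attr not in allowed:
                findings.append(f"{path}: {attr} is exposed but not needed")
            elif not flag.get("readOnly", False):
                findings.append(f"{path}: {attr} is Read/Write, expected Read")
        for attr in sorted(allowed - granted):
            findings.append(f"{path}: {attr} is None, expected Read")
    return sorted(findings)

# Constructed sample roles: one matching the procedure, one over-privileged.
GOOD_ROLE = {"name": "owner-name-readers", "privileges": [{
    "path": "managed/alpha_user", "permissions": ["VIEW"],
    "accessFlags": [{"attribute": a, "readOnly": True}
                    for a in ("userName", "givenName", "sn")]}]}
BAD_ROLE = {"name": "too-broad", "privileges": [{
    "path": "managed/alpha_user", "permissions": ["VIEW", "UPDATE"],
    "accessFlags": [{"attribute": "userName", "readOnly": True},
                    {"attribute": "sn", "readOnly": False},
                    {"attribute": "mail", "readOnly": True}]}]}

if __name__ == "__main__":
    for role in (GOOD_ROLE, BAD_ROLE):
        print(role["name"], audit_role(role) or "OK")
```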
