No. The statement is too restrictive. In SailPoint IdentityIQ, business roles do not have to be requested in order to become associated with identities. A business role can be associated through access-request processing when the role is configured as requestable, but request submission is not the only acquisition path.
In the default role model, role association is maintained through IdentityIQ role evaluation and identity refresh behavior. Business roles may be assigned directly, assigned through administrative action, or associated through configured assignment logic. IdentityIQ then evaluates role relationships and updates the IdentityCube accordingly during refresh processing. By contrast, detected roles are commonly inferred from the access an identity already has, based on role profiles and entitlement conditions.
The important distinction is between requestable access and role association. Requestability controls whether users can ask for a role through Lifecycle Manager and QuickLinks. It does not mean the role can only be associated through a request. Therefore, “must be requested” is inaccurate.
Reference topics: Access Modeling, business roles, role assignment, detected roles, requestable roles, Identity Refresh, IdentityCube role data, and User-Driven Requests.
