
mountademB/access-request-platform

Access Request & Approval Management Platform

Overview

A full-stack internal platform for managing user access requests, approval workflows, role assignments, and audit trails.

This system simulates a real enterprise security/admin workflow where employees request access to resources, managers and admins review requests, and all actions are tracked through a complete audit system.


Core Features

Authentication & Security

  • JWT-based authentication
  • Secure login flow
  • Protected routes (frontend + backend)
  • Stateless session management
  • /api/auth/me for trusted identity retrieval

Access Request Workflow

  • Submit access requests for roles/resources

  • Lifecycle statuses:

    • PENDING
    • UNDER_REVIEW
    • APPROVED
    • REJECTED
    • CANCELLED
    • REVOKED
  • Manager → Admin approval chain

  • Status transitions enforced on backend


Role-Based Access Control (RBAC)

  • Users assigned to roles
  • Roles assigned to permissions
  • Backend-enforced authorization
  • No reliance on frontend role assumptions

User Management

  • View all users

  • Edit user details:

    • first name / last name
    • department
    • manager assignment
  • Activate / deactivate users

  • Assign / remove roles


Role Management

  • View roles
  • View users assigned to roles
  • Assign / remove permissions from roles
  • Real-time role-permission updates

Permission Management

  • Browse permission catalog
  • View permission details
  • Permissions linked to roles via backend

Audit Trail

  • Full audit log per request

  • Tracks:

    • submission
    • approval
    • rejection
    • cancellation
    • revocation
  • Includes:

    • actor (user)
    • timestamp
    • action type
    • contextual details

Notifications

  • Notification generation on key events:

    • request submitted
    • request approved
    • request rejected
  • Per-user notification list

  • Mark as read functionality


Dashboard

  • Aggregated metrics:

    • total requests
    • approved
    • rejected
    • cancelled
    • revoked
    • pending
    • under review
  • Real-time data from backend


Filtering & Search

  • Status filtering on request list
  • Search capability
  • Clean UI for navigating large datasets

Tech Stack

Backend

  • Java 21
  • Spring Boot
  • Spring Security (JWT)
  • Spring Data JPA
  • PostgreSQL (or compatible)
  • Maven

Frontend

  • Angular (Standalone Components)
  • TypeScript
  • RxJS
  • Angular Router
  • HTTP Interceptors (JWT injection)

Architecture

Frontend (Angular)
        |
        |  HTTP (JWT)
        ↓
Backend (Spring Boot)
        |
        ├── Authentication (JWT)
        ├── RBAC Enforcement
        ├── Access Request Service
        ├── Approval Workflow Engine
        ├── Audit Logging
        ├── Notification Service
        └── Data Layer (JPA)

Key API Endpoints

Authentication

  • POST /api/auth/login
  • GET /api/auth/me

Access Requests

  • GET /api/access-requests
  • GET /api/access-requests/my-requests
  • GET /api/access-requests/pending-approvals
  • POST /api/access-requests
  • PUT /api/access-requests/{id}/approve
  • PUT /api/access-requests/{id}/reject
  • PUT /api/access-requests/{id}/cancel
  • PUT /api/access-requests/{id}/revoke

Users

  • GET /api/users
  • GET /api/users/{id}
  • PUT /api/users/{id}
  • PUT /api/users/{id}/activate
  • PUT /api/users/{id}/deactivate

Roles

  • GET /api/roles
  • GET /api/roles/{id}

Role Permissions

  • GET /api/roles/{roleId}/permissions
  • POST /api/roles/{roleId}/permissions
  • DELETE /api/roles/{roleId}/permissions/{permissionId}

User Roles

  • GET /api/users/{id}/roles
  • POST /api/users/{id}/roles
  • DELETE /api/users/{id}/roles/{roleId}

Permissions

  • GET /api/permissions
  • GET /api/permissions/{id}

Audit Logs

  • GET /api/audit-logs/entity/AccessRequest/{id}

Notifications

  • GET /api/notifications
  • PUT /api/notifications/{id}/read

Demo Users

Role      Email                        Password
Employee  alice.employee@demo.local    Password123!
Manager   karim.manager@demo.local     Password123!
Admin     sofia.admin@demo.local       Password123!

Typical Workflow

  1. Employee submits access request
  2. Request enters PENDING
  3. Manager reviews → moves to UNDER_REVIEW
  4. Admin approves or rejects
  5. System logs all actions in audit trail
  6. Notifications sent to relevant users
  7. Request can later be revoked if needed
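
The lifecycle above, with status transitions and the Manager → Admin chain enforced server-side, can be sketched as a transition table. This is an added example, not code from this repository: the class and method names are hypothetical, and the exact edges (who may cancel or revoke, and from which status) are assumptions, since the README lists the statuses but not the transition rules. Submission itself is left out; the request starts in PENDING.

```java
import java.time.Instant;
import java.util.*;

public class AccessRequestWorkflow {
    enum Status { PENDING, UNDER_REVIEW, APPROVED, REJECTED, CANCELLED, REVOKED }
    enum Role { EMPLOYEE, MANAGER, ADMIN }
    enum Action { REVIEW, APPROVE, REJECT, CANCEL, REVOKE }
    record Rule(Action action, Role role, Status from, Status to) {}
    record AuditEntry(String actor, Instant at, Action action, String details) {}

    // Assumed transition table: each action is legal from exactly one status, for one role.
    static final List<Rule> RULES = List.of(
        new Rule(Action.REVIEW,  Role.MANAGER,  Status.PENDING,      Status.UNDER_REVIEW),
        new Rule(Action.APPROVE, Role.ADMIN,    Status.UNDER_REVIEW, Status.APPROVED),
        new Rule(Action.REJECT,  Role.ADMIN,    Status.UNDER_REVIEW, Status.REJECTED),
        new Rule(Action.CANCEL,  Role.EMPLOYEE, Status.PENDING,      Status.CANCELLED),
        new Rule(Action.REVOKE,  Role.ADMIN,    Status.APPROVED,     Status.REVOKED));

    static final class Request {
        final String requester;
        Status status = Status.PENDING;
        final List<AuditEntry> audit = new ArrayList<>();
        Request(String requester) { this.requester = requester; }

        // actor and actorRole must come from the verified server-side identity, never from the request body.
        void apply(Action action, String actor, Role actorRole) {
            Rule rule = RULES.stream()
                .filter(r -> r.action() == action && r.from() == status)
                .findFirst()
                .orElseThrow(() -> new IllegalStateException(action + " not allowed from " + status));
            if (rule.role() != actorRole)
                throw new SecurityException(actorRole + " may not " + action);
            if (action == Action.CANCEL && !actor.equals(requester))
                throw new SecurityException("only the requester may cancel");
            // Record actor, timestamp, action type and context before changing state.
            audit.add(new AuditEntry(actor, Instant.now(), action, status + " -> " + rule.to()));
            status = rule.to();
        }
    }

    public static void main(String[] args) {
        Request req = new Request("alice");               // sample users, named after the demo accounts
        req.apply(Action.REVIEW, "karim", Role.MANAGER);
        try { req.apply(Action.APPROVE, "karim", Role.MANAGER); }   // manager cannot skip the admin step
        catch (SecurityException e) { System.out.println("denied: " + e.getMessage()); }
        req.apply(Action.APPROVE, "sofia", Role.ADMIN);
        try { req.apply(Action.REJECT, "sofia", Role.ADMIN); }      // APPROVED cannot be rejected
        catch (IllegalStateException e) { System.out.println("invalid: " + e.getMessage()); }
        req.apply(Action.REVOKE, "sofia", Role.ADMIN);
        req.audit.forEach(System.out::println);           // three entries: REVIEW, APPROVE, REVOKE
    }
}
```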

Why This Project Matters

This project demonstrates real-world backend and system design skills:

  • secure authentication flows
  • RBAC implementation
  • multi-step approval workflows
  • auditability and traceability
  • admin tooling design
  • separation of concerns between frontend and backend

It is not a CRUD app — it models an actual enterprise access governance system.


Portfolio Positioning

This project completes a full enterprise-like portfolio:

  • Recruitment System → HR workflows
  • Ticketing System → Support workflows
  • Inventory System → Operations workflows
  • Billing System → Finance workflows
  • Access Request Platform → Security & Administration workflows

Future Improvements (Optional)

  • Policy-based approval logic (dynamic rules)
  • Pagination & advanced search
  • Email notifications
  • Permission grouping
  • Activity feed on dashboard
  • Fine-grained permission enforcement

Author

Mountadem Badr
Software Engineer | Full-Stack Developer | Systems-Oriented Builder

Screenshots

  • Login
  • Dashboard
  • Access Requests List
  • Access Request Detail
  • New Request
  • Notifications
  • Users List
  • User Detail
  • Roles List
  • Role Detail
  • Permissions List
