A change request is an object in an IAM system, which may have been submitted either by a human user filling in a request form on a request portal or by an automated process, which encapsulates a proposed change to create or modify an identity, to set or change identity attributes, to add or remove membership in security groups, or to assign or revoke a role.
Requests typically have at least two of the following participants:
Requests also have a payload -- specifying what changes will be made to the recipient. The payload consists of operations that will be made on target systems. These operations may specify security groups that the recipient's accounts should be attached to or removed from and/or identity attributes to apply to the user's profile.