I have some questions regarding Technical Roles and Access Request from
a customer using 3.0 SP1.

Also looking for best practice guidance when it comes to Access Request
in IGA.

They use technical roles for grouping together AD groups that should be
requested and granted together, e.g. for some applications that use AD
for authorization.

Even permissions that can be represented by a single AD group are
created as Technical Roles for user experience reasons. Otherwise some
permissions have to be requested from the Applications tab and some from
the Access Profiles.

1) Can you hide the Applications tab under Browse Requests if not using
it? My guess is yes, using CSS?

2) Can you have icons for technical roles? (you can add icons to single
permissions that show up very nicely in the Applications tab)? My guess
it's not possible.

3) Permissions granted using technical roles cannot be removed by the
user from the Current Access view. By design or a setting somewhere?

4) If a technical role, e.g. "LOB access for accountants" contains
multiple permissions such a GroupA, GroupB and GroupC, can you get the
technical role to show up under "Current Access" instead of each
individual permission?

4.a) Related to 4, if a Technical Role contains 3 permissions, the
person approving a request can approve/deny every one of those 3
permissions. Is it possible to just approve the technical role instead
of each permission?

5) IF they would use the Applications tab instead of Access Profiles all
of their AD based applications would show up under the Active Directory
application. Is it possible to subdivide an application into other
applications which doesn't involve creating a bunch of application
collectors that would collect some specific groups just for having
another "application"?