Such products can produce customized forms for any purpose, including access management requests. These are the tools' sole function, and they don't come with a database. Once the form is built, however, the products can be set up to dump the requests into a database or drop them in an email box for your access management staff.
Any content management tool, such as Teamsite or Lotus Notes and Domino, should have development kits for creating customized forms. There are a number of other smaller players in the market as well, such as Absolute Form Processor from XIGLA and Form1 Builder from ezyForm.
Another possibility, if you have the development staff on hand, is to simply develop a Web-based application in-house. The application could be written in any widely used language -- Java, .NET, PHP or Python -- and would consist of a front-end form in HTML that sends request data to either an email box or a back end data store, where your access management staff could retrieve it later.
Development of Web-based forms with back-end databases is bread and butter work for most Web developers.
The only other thing to keep in mind when deploying such a system is to make sure it securely transmits access requests over SSL, even inside the company. It's also important that ordinary users have access only to their own data and not the requests of the whole company. Along these lines, Web, application and database servers supporting such a project should be hardened, patched and up-to-date.
This was first published in March 2007