When you deal with limiting who can request what sort of access and for whom, you normally want to base it on a scoping model. If you look at the drop-down of the rules that are available OOTB (what can members request et al.), they’re all based on requester’s and requestee’s scopes. I would say that if your use case is limited to one or two populations of requesters and a handful of entitlements, then using the approach provided to you is ok, but if your scale is larger, then it is not sustainable, in my opinion.
Please close this thread by marking the response from @Remold as solution , if you have received answers for your question.