Use the Access Request Submitted Request/Response trigger and a workflow to achieve this. I had a similar use case when we only wanted certain people submitting access requests, so the workflow checked whether or not the user had a particular entitlement and returned approved=false if they didn’t