You can allow users to request access to roles and access profiles by configuring them for access requests. This access appears in the Request Center and each request can be reviewed by a pre-configured set of identities to ensure the access only goes to users who need it.
This is the companion discussion topic for the documentation at https://documentation.sailpoint.com/saas/help/requests/config_ap_roles.html