You can use profile entitlements to control the elevated access that users temporarily receive from approved requests.
This is the companion discussion topic for the documentation at https://documentation.sailpoint.com/access-risk-mgmt/help/eam/select_profile_entitlements.html