Symantec IGA

I have a access request screen where users can select certain provisioning role from a list based on the users department and submit for access. Its possible though to use Inspect element and just edit the HTML to add other roles and then submit the task. 

How to stop this?  Its easier to add a screen or attibute validation on change when its a number but when the role named are derived from business logic , its not easy to trace back to the original provisioning role name hence putting such a validation script is not easy task. Is there any other way of doing it?

How to disable the Inspect element is dependent upon the web browser being used.  While JavaScript can be written to disable the ability to right-click, use F12 or Ctrl+Shift+I for example, this is not specific to Identity Manager code and does not guarantee that a user couldn't still get past that.

not sure exactly how the solution is built but I think scoping should be the basic answer, In that case even if a user asked for certain access they shouldn't be able to the system will prevent to provide it in lack of access.

Depends on implementation, you can always add another layer like PX, Identity policy, event listener to make sure no one abuses the screen to try and get something they shouldn't have.