we currently handle our periodic User Access Reviews (UARs) through a painful manual process involving spreadsheets. We want to leverage our ServiceNow platform to streamline this entirely.

My goal is to have a process where, as an application owner, I can receive a task in ServiceNow, view a list of all users who have access to my specific application, and then take direct action (i.e., click an "Approve" or "Revoke" button) for each user right from my dashboard or the Service Portal. The results (especially the "Revoke" actions) should then ideally trigger a fulfillment task to our IT support team.

I am looking for guidance on the best way to implement this in ServiceNow, keeping the non-admin (manager/owner) experience as the top priority.

Specifically, I'm wondering:

1. What is the recommended approach? Is building a custom application on the App Engine the standard way to go, or is this a feature of the ServiceNow GRC: Identity and Access Management module that we should be looking into?

2. How can we design the end-user experience? What's the best way to present the list of users and their access rights to a manager in the Service Portal? Should it be a custom widget, a list view, or something else?

3. How can we handle the data import? For applications not integrated with ServiceNow, we would need to kick off the review by uploading a CSV/Excel file of users and their entitlements. How is this typically handled in a UAR process?

4. What does the fulfillment process look like? After I click "Revoke," what's a good way to automatically generate a task (e.g., a sc_task or incident) assigned to the correct team to carry out the removal of access?

I'd be very grateful for any best practices, examples, or high-level steps on how to architect this solution effectively. Our main goal is to make this process simple and intuitive for the business users who have to perform these reviews.

Thanks in advance!