Topics we will cover:
What are Access Reviews?
An access review is a process of periodically reviewing user access to resources, such as applications, groups, and data. The goal of an access review is to ensure that users only have access to the resources they need to do their jobs, and that access is revoked for users who no longer need it.
Access reviews can be used to:
- Identify and remove unused or excessive access
- Mitigate security risks
- Ensure compliance with regulations
- Protect sensitive data
- Improve efficiency and productivity
The frequency of access reviews will also vary depending on your organization's needs. Some organizations may conduct reviews annually, while others may conduct them quarterly or even monthly.
Access reviews are an important part of information security and risk management. By regularly reviewing user access, you can help to ensure that your resources are protected and that your data is secure.
Types of Access Reviews
There are currently three types of Access Reviews in Clarity: User, Role, and Active Identity Access Reviews.
User Access Reviews - This type of Access Review involves the review of access for a number of Identities in Clarity. The Review Builder offers many different types of User Access Reviews, based on different sets of users and has the ability to narrow the focus further based on user defined criteria. Also included in this option is the ability to create Access Reviews for both Orphaned Accounts and Unreconciled Users.
Check out User Access Review Types for a detailed look at User Access Reviews.
Role Access Review - This type of Access Review lets you perform a review on the birthright access granted to Roles in your organization. The main distinction between this type and the User Access Review type, is that this review type wont include individual identities (and their access), but rather the Entitlements granted by each role (or each Role included in your Access Review).
Check out Role Access Review Types for a detailed look at Role Access Reviews.
Active Identity Review - This type of Access Review will create a review for all of the Active Identities for the specific Identites, Identity Types, Supervisors, or Roles that you choose to include.
Check out Active Identity Access Review for a detailed look at Active Identity Reviews.
Creating, Modifying, and Deleting Access Reviews
Creating an Access Review
An Access Review can be created by selecting Access Reviews from the sidebar and then selecting Create New from the top right of the Access Reviews.
Reviewer, Frequency, Time, and Risk
Access Reviews can be assigned to Supervisors, Application Owners, Entitlement Owners, or another defined Default Reviewer if no Supervisor or Owner is found. You can further specify the Frequency, Start Date, and Time to Complete in Days, Weeks, or Months.
The Minimum Risk Score allowable for Rubber Stamping is a sliding scale that lets you specify the threshold to allow Rubber Stamping, or the ability to perform bulk approval or denial actions, to be done for the selected items on the review.
The type of Access Review will vary based on your needs. Clarity provides templates for common Reviews, such as High Risk, or Material Apps access. When creating a User Access review, you can select Specific Entitlements, Identities, Roles, Supervisors, or Tags. For a Role Access Review, the options are All Roles, Roles marked as High Risk, Selected Role Owners, Specific Roles, and Tagged Roles.
Exclusions will let you specify Applications, Entitlements, Owners, Roles, or Tags from the selected Type that you do not want to include in your Access Review.
Modifying an Access Review
Currently, you are only able to modify a review when it is Upcoming. You can however used the Archived Templates section to find old reviews you have genereated, and re-create them as is or make changes to the template before creating a new review.
Deleting an Access Review
Currently, you are only able to delete an Access Review when it is in the In Progress or Ready to Finalize status.
If you have any problems, contact your customer success team. You can also get in touch with our general support via email, open a support ticket. Our general support team is available Monday - Friday from 8:00 AM - 6:30 PM CST.