35.1 Understanding the Review Process for Review Owners

As a Review Owner, you can see only the review runs that you own. You can start the review run in preview mode or go live. Preview mode enables you to preview the review definition, notifications, and review items before going live. The live review process starts with the initiation of a review run and ends when the Review Owner or Auditor, if specified, certifies the review. Between those two events, Reviewers and Fulfillers perform their assigned tasks.

For an overview of the review process, see Understanding the Review Process. For steps in a review run, see Understanding the Steps in a Review Run.

35.1.1 Understanding the Review Definition

Each review runs according to its review definition, which specifies the following items:

  • Review type and name

  • (Optional) Review description and instructions for reviewers

  • Review items, such as user accounts, roles (technical and business), and permissions, to be reviewed by the specified Reviewers

  • Review options, such as whether certain actions require comments, and whether to allow self reviews

  • Individuals who serve as Reviewers, such as supervisors, permission owners, and application owners

  • (Optional) Individuals who monitor reviews, such as owners and auditors

  • (Optional) Escalation process for review items

  • Review timeframe that contains an expiration policy and partial approval policy

  • Notifications to be sent throughout the review

  • (Optional) A schedule for automatically starting the next review and repeating the review on a regular basis

  • (Optional) Default grouping of request items

For more information, see Section 21.0, Creating and Modifying Review Definitions.

35.1.2 Understanding Reviewers and Escalation

When you initiate a review run, Identity Governance generates tasks for the assigned Reviewers. The Reviewers are responsible for reviewing a set of users and deciding whether the current user access should be maintained or revoked, or, in some cases, modified. Identity Governance can also escalate the process and send reminders until the Reviewer completes the task. The Review Owner can reassign Reviewers, review their actions on review items, and override their review actions.

Reviews whose reviewers are specified by a coverage map can result in an escalation if no matches are found in the coverage map. For more information about reviewers, see Specifying Reviewers. For more information about managing Reviewers, see Managing the Progress of Reviewers.

35.1.3 Understanding the Fulfillment Process

The source of the identities and permissions under review drives how requested changes are fulfilled. The fulfillment process can consist of manual tasks, automated actions in Identity Manager, actions sent to help desk services, or actions initiated by workflows in Identity Manager. In a manual fulfillment process, the applications catalog specifies the individuals responsible for making the requested changes. For example, your Help Desk group might be assigned to fulfill the changeset. If a Reviewer changes a user’s permissions, Identity Governance creates tasks for the specified Fulfillers.

For more information about fulfillment, see Fulfilling Changes Requested in the Review and Viewing Fulfillment Status.