3.1 Understanding the Review Process for Review Owners

As a Review Owner, you can view only the review runs that you own. You can start the review run in preview mode or go live. The preview mode enables you to preview review definitions, notifications, and review items before going live. The live review process starts with the initiation of a review run by on-demand action, schedule, or micro certification and ends when the Review Owner or Auditor, if specified, certifies the review. Between those two events, Reviewers and Fulfillers perform their assigned tasks.

NOTE: Micro certifications are focused reviews that are always run in live mode. For an overview of the review process and an understanding of micro certification, see Understanding the Review Process and Understanding Micro Certification in the NetIQ Identity Governance Administrator Guide.

For steps in a review run, see Understanding the Steps in a Review Run.

3.1.1 Understanding the Review Definition

Each review runs according to its review definition, which specifies the following items:

  • Review type and name

  • (Optional) Review description and instructions for reviewers

  • Review items, such as user accounts, roles (technical and business), permissions, user access rights, and direct reports to be reviewed by the specified Reviewers

  • Review options, such as whether certain actions require comments, and whether to allow self reviews

  • Individuals who serve as Reviewers, such as supervisors, permission owners, and application owners

  • (Optional) Individuals who monitor reviews, such as owners and auditors

  • (Optional) Escalation process for review items

  • Review time frame that contains an expiration policy and partial approval policy

  • Notifications to be sent throughout the review

  • (Optional) A schedule for automatically starting the next review and repeating the review on a regular basis

  • (Optional) Default grouping of request items

For more information, see Creating and Modifying Review Definitions in the NetIQ Identity Governance Administrator Guide.

3.1.2 Understanding Reviewers and Escalation

When a review run is initiated, Identity Governance generates tasks for the assigned Reviewers. The Reviewers are responsible for reviewing a set of users and deciding whether the current user access should be maintained or revoked, or, in some cases, modified. Identity Governance can send reminders to the Reviewer or escalate the review items to the Escalation Reviewer, if one was specified in the Review Definition, or to the Review Owner. Also, review items in the exception queue (unmapped accounts) are automatically assigned to the Escalation Reviewer if an escalation reviewer was specified for that review.

Reviews that contain reviewers specified by a coverage map can result in an escalation if no matches are found in the coverage map. For more information about reviewers, see Specifying Reviewers in the NetIQ Identity Governance Administrator Guide. For more information about managing Reviewers, see Section 3.3.5, Managing the Progress of Reviewers. For more information about performing a review, see Performing a Review.

3.1.3 Understanding the Fulfillment Process for Review Changes

The source of the identities, permissions, accounts, and roles under review drives how changes requested during a review are fulfilled. The fulfillment process can consist of manual tasks, automated actions in Identity Manager, actions sent to help desk services, or actions initiated by workflows in Identity Manager. Review Owners and Review Administrators can view the fulfillment status of review items as soon as a review run is partially or fully approved.

For more information about fulfillment and viewing fulfillment status, see Section 5.1, Understanding the Fulfillment Process and Section 3.3.7, Viewing Fulfillment Status.