Versions Compared

Version Old Version 19 New Version 20
Changes made by

Matt McIrvin

Matt McIrvin

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...


In this guide you will learn:

  1. The types of access reviews that can be created

  2. How to define the users, applications and permissions to be included

  3. The options for advanced campaign settings

  4. Ways of enabling and controlling email notification and automated escalation

Creating the access review

...

The last several settings all have to do with controlling how review items are automatically assigned to a reviewer, and, in some cases, automatically pre-processed. This can save your organization a lot of time.

  • Allow self-review: This setting can be used to control whether reviewers are allowed to review their own permissions. By default, there is no restriction on this.

    • If this is set to “Reassign self reviews to the application Technical Owner”, then when populating the campaign, a review that would go to the reviewee will instead go to the Technical Owner, or if that is not possible, to the first available campaign monitor (or if neither is possible, it will remain unassigned).

    • If this is set to “Reassign self reviews to the application monitor”, then a review that would go to the reviewee will instead go to the first available campaign monitor, or if that is not possible, to the Technical Owner (or if neither is possible, it will remain unassigned).

    • This setting also disables the individual reassignment of reviews to the reviewee. In bulk reassignments and review delegation, the above rules will be honored.

See the following pages explaining some specific settings:

  • Business roles: Automatically filtering access reviews using business roles

  • Designated Reviewers and Delegates: Fine-tuning review assignments with Designated Reviewers and Review Delegates

  • Assign Review to Resource Owner: Some permissions are resource permissions, having to do with access to or control of a particular application resource, such as a database. In some cases, these resources have a resource owner already defined. If “Assign Review to Resource Owner” is set to Yes, these review items will be automatically assigned to the resource owner. This setting takes precedence over Designated Reviewers, but not over delegation; that is, if the resource owner has a delegate, the delegate will be the reviewer.

  • Assign Review to Permission Owner: Some permissions may have a permission owner already defined. (This can be set by editing the Available Permissions pane of the application’s Profile tab, as described in https://zilla.atlassian.net/wiki/spaces/ZILLASUP/pages/edit-v2/2352775169?draftShareId=ddaf37c2-6f29-4d65-9ab1-a8a213d1d509 ). If “Assign Review to Permission Owner” is set to Yes, these review items will be automatically assigned to the permission owner. This setting takes precedence over assignment to Designated Reviewers and Resource Owners, but not over delegation; that is, if the permission owner has a delegate, the delegate will be the reviewer.

...