Access Review Scans
To initiate a periodic access review, you must first define at least one access scan.
The access scan defines who will be scanned, which resources will be included in the scan, any optional audit policies to be evaluated during the scan, and rules to determine which entitlement records will be manually attested, and by whom.
Access Review Workflow Process
In general, the Waveset access review workflow:
-
Constructs a list of users, gets account information for each user, and evaluates optional audit policies
-
Creates user entitlement records
-
Determines if attestation is required for each user entitlement record
-
Assigns work items to each attestor
-
Waits for all attestors to approve, or for the first rejection
-
Escalates to the next attestor, if no response to a request is received within a specified timeout period
-
Updates user entitlement records with resolutions
See Access Review Remediation for a description of the remediation capabilities.
Required Administrator Capabilities
To conduct a periodic access review and manage the review processes, a user must have the Auditor Periodic Access Review Administrator capability. A user with Auditor Access Scan Administrator capability can create and manage access scans.
To assign these capabilities, edit the user account and modify the security attributes. For more information about these and other capabilities, see Understanding and Managing Capabilities in Chapter 6, Administration.
- © 2010, Oracle Corporation and/or its affiliates