Enable Event-based Access Reviews
Setup Event-Based Access Review
To manage event-based access reviews using the Oracle Access Governance Console:
Event-based access reviews can be enabled and configured for the following event-types:
- Identity Enabled
- Identity Disabled
- Department Change
- Manager Change
- Organization Change
- Location Change
- Job Code Change
- Custom Attribute
Display name of the custom attribute is displayed in a tile format. You may see one or more custom attributes' tiles which depends on attribute's selection to enable the event-based functionality.
Note:
If you don't see the option for selecting custom attributes, contact the Oracle Access Governance Administrator. You first need to enable it from the Administration settings within Oracle Access Governance Console. See View and Configure Custom Identity Attributes. - Multiple Event Changes
To enable event-based access reviews:
- Log in to the Oracle Access Governance Console with a user assigned the Administrator application role.
- Select from the
navigation menu. Click Access Reviews and then Event-Based Setup. The Event-Based Setup landing page is displayed.
- Each event type is displayed as a tile with a status of Enabled or Disabled and an Actions drop-down menu, providing the option to Edit or View details. Select Edit for the event-type you want to enable.
- On the Configure the event type screen:
- Use the radio button to Enable or Disable the event-type.
- If you want to auto-approve low risk task for this event type, select Yes.
- The Oracle Access Governance service provides a suggested optimal workflow for the event-type. You can select Save to accept the suggested workflow, Cancel to abandon the setup, or I'll choose my own workflow to configure the workflow. If you choose I'll choose my own workflow then follow the subsequent steps.
- Select how many levels of approval you want for your reviews.
- One-level approval workflow
- Two-level approval workflow
- Three-level approval workflow
- For each review level, select how you want the review to be
handled.
Parameter Value Who is the first|second|third reviewer? - Owner
- User manager
- User
- Custom reviewer
Note:
You can only assign a reviewer type to a single review level. If you assign User to Level 1, you cannot then assign User to Level 2 or 3, and so on.How many days do they have to review? Number of days for each review Who gets the notification? - Only reviewer
- Reviewer and manager
Who do you want to send reminders to? - Only reviewer
- Reviewer and manager
How many days between reminders Number of days for the gap between reminders - Select where review decisions require a justification.
- Required for all review decisions
- Required only for revoke decisions
- Optional for all review decisions
- Select the completion rule for the review. This gives a default action for all
un-reviewed tasks at the end of each approval workflow level. Choose from the
following values:
- Approve all un-reviewed tasks
- Revoke all un-reviewed tasks
- Select Save to save your workflow definition or Cancel to discard your changes.
- You return to the Configure the event type screen. Select Save to keep the changes to your event-type configuration, or Cancel to abandon the changes.
Configure Multi-Events
Multi-events occur when Oracle Access Governance receives changes for more than one event-type, that is associated with a single identity.
Users with the Administrator application role can configure a shared workflow which is applied when multi-events are identified. To configure the shared workflow:
- Log in to the Oracle Access Governance Console with a user assigned the Administrator application role.
- Select Event-Based Administration → Event-Based Setup from the
navigation menu.
- Select Edit shared workflow.
- On the How do you want multi-event reviews to
proceed? screen:
- Confirm if you want to auto-approve low risk task for this event type by selecting Yes or No.
- Select how many levels of approval you want for your reviews.
- One-level approval workflow
- Two-level approval workflow
- Three-level approval workflow
- For each review level, select how you want the review to be
handled.
Parameter Value Who is the first|second|third reviewer? - Owner
- User manager
- User
- Custom reviewer
Note:
You can only assign a reviewer type to a single review level. If you assign User to Level 1, you cannot then assign User to Level 2 or 3, and so on.How many days do they have to review? Number of days for each review Who gets the notification? - Only reviewer
- Reviewer and manager
Who do you want to send reminders to? - Only reviewer
- Reviewer and manager
How many days between reminders Number of days for the gap between reminders - Select where review decisions require a justification.
- Required for all review decisions
- Required only for revoke decisions
- Optional for all review decisions
- Select the completion rule for the review. This gives a default
action for all un-reviewed tasks at the end of each approval workflow
level.
- Approve all un-reviewed tasks
- Revoke all un-reviewed tasks
- Enter a name for the default access review owner.
- Select Save to update the shared workflow configuration, or Cancel to discard the changes.
View Event-Types
As an Administrator you can view the details of each event-type in the Oracle Access Governance Console.
To view event-based settings:
- Select Event-Based Administration → Event-Based Setup from the
navigation menu.
- Select View details from the Actions drop-down menu for the event-type you want to view.
- The Event - <event type name> screen is displayed, allowing you to view the following details:
- Status of the event type (Disabled or Enabled), and the date when the status was last changed.
- Whether the low-risk tasks for this event-based access review will be auto-approved or not.
- Details of the approval workflow.
- Details of when justification is required.
- Details of the completion rule.
- Default owner of the access review.