1. Access Governance Cloud Service
  2. Review
  3. About Reviews

About Reviews

Overview

Access Review refers to review of accesses and permissions for an identity, usually an end user, that is carried out to confirm whether the access and permissions assigned to that entity are still valid. Access Review Campaigns from Oracle Access Governance are used to review these access rights and can be created on-demand which you can choose to run either one-time or periodically from the Oracle Access Governance Console.

As an Administrator or Campaign Administrator, you can create access review campaigns. There are currently two types of access review campaigns:
  • User Access Review Campaigns
  • Policy Reviews Campaigns

The type is determined by the data attributes chosen when configuring the campaign. The data attributes also depend on the target systems integrated with Oracle Access Governance. Some general rules to consider while configuring a campaign are:

Campaign Types Description Primary Selection Criteria Additional Selection Criteria More Details
User Access Review Campaign Comprises a group of access reviews for members of your enterprise population where individual access to a specific source is checked and either certified or remediated
  • Who has access
  • What they are accessing
  • Which permissions
  • Which roles
 Which cloud provider
  • Which permissions and Which roles are mutually exclusive, that is you can select only one of the two while creating a campaign.
  • If you select any of the primary identity selection criteria parameters, policy criteria selection is no longer applicable and is disabled.
Policy Review Campaign Comprises a group of policy reviews that evaluates access control of Identity and Access Management (IAM) Policies. Which policy Which cloud provider If you select any of the primary policy selection criteria parameters, user criteria selection is no longer applicable and is disabled.

Examples

Let's see some of the examples to create access review campaigns.

Example 1: Identity Access Reviews for a particular cloud provider

Scenario: You need to carry out identity access reviews to check roles and applications assigned to users on one of your cloud compartments on Oracle Cloud Infrastructure (OCI).

To do so, filter your cloud provider by selecting Which cloud provider and refine further to select your compartment. In addition, select applications from What are they accessing?, and roles Which roles?. However, you cannot perform policy reviews for your cloud compartment within this same campaign and Which policies? will be disabled.

Example 2: Review Access Permissions for an Application in your Organization

Scenario: To help your organization to deter any harm against misuse of access rights, you need to create a campaign to review access rights for the users of your organization who have update and terminate permissions for an application.

To do so, filter your division from Who has access?, select application from What are they accessing?, and select appropriate permissions using Which permissions?. You can either create a campaign to review permissions or review roles but both cannot be selected in a single campaign. In this example, Which roles? will be disabled along with Which policies?

Example 3: Review Policies for all Cloud Resources

Scenario: You need to carry out access reviews for all the cloud policies available in your cloud compartment.

To do so, filter your cloud provider by selecting Which cloud provider and refine further to select your compartment. In this example, this campaign will raise all the applicable review tasks for cloud policies under the Policy Review tab of My Access Reviews.