About Reviews
Overview
Access Review refers to review of accesses and permissions for an identity, usually an end user, that is carried out to confirm whether the access and permissions assigned to that entity are still valid. Access Review Campaigns from Oracle Access Governance are used to review these access rights and can be created on-demand which you can choose to run either one-time or periodically from the Oracle Access Governance Console.
- User Access Review Campaigns
- Policy Reviews Campaigns
The type is determined by the data attributes chosen when configuring the campaign. The data attributes also depend on the target systems integrated with Oracle Access Governance. Some general rules to consider while configuring a campaign are:
Campaign Types | Description | Primary Selection Criteria | Additional Selection Criteria | More Details |
---|---|---|---|---|
User Access Review Campaign | Comprises a group of access reviews for members of your enterprise population where individual access to a specific source is checked and either certified or remediated |
|
Which cloud provider |
|
Policy Review Campaign | Comprises a group of policy reviews that evaluates access control of Identity and Access Management (IAM) Policies. | Which policy | Which cloud provider | If you select any of the primary policy selection criteria parameters, user criteria selection is no longer applicable and is disabled. |
Examples
Let's see some of the examples to create access review campaigns.
Example 1: Identity Access Reviews for a particular cloud provider
Scenario: You need to carry out identity access reviews to check roles and applications assigned to users on one of your cloud compartments on Oracle Cloud Infrastructure (OCI).
To do so, filter your cloud provider by selecting Which cloud provider and refine further to select your compartment. In addition, select applications from What are they accessing?, and roles Which roles?. However, you cannot perform policy reviews for your cloud compartment within this same campaign and Which policies? will be disabled.
Example 2: Review Access Permissions for an Application in your Organization
Scenario: To help your organization to deter any harm against misuse of access rights, you need to create a campaign to review access rights for the users of your organization who have update and terminate permissions for an application.
To do so, filter your division from Who has access?, select application from What are they accessing?, and select appropriate permissions using Which permissions?. You can either create a campaign to review permissions or review roles but both cannot be selected in a single campaign. In this example, Which roles? will be disabled along with Which policies?
Example 3: Review Policies for all Cloud Resources
Scenario: You need to carry out access reviews for all the cloud policies available in your cloud compartment.
To do so, filter your cloud provider by selecting Which cloud provider and refine further to select your compartment. In this example, this campaign will raise all the applicable review tasks for cloud policies under the Policy Review tab of My Access Reviews.