Create User Access Review Campaigns
As an Administrator or Campaign Administrator, you can create one-time or periodic access review campaigns from the Oracle Access Governance Console. In this article we will look at how you can create on-demand user access reviews. You can define selection criteria based on users (who has access?), applications (what are they accessing?), permissions (which permissions?), and roles (which roles?). You can also define the approval workflow to select the number of review levels, review duration, and reviewer details.
Note:
Customers with existing campaigns created prior to the July 2023 release (legacy campaigns), should be aware of the following points regarding compatibility:- All legacy campaigns that were in Draft or Scheduled state, will be amended to System Aborted state.
- Users will not be able to clone legacy campaigns. You will only be able to clone new campaigns, created with the July 2023 release and future releases.
To create a user access review campaign using Oracle Access Governance Console:
Selection Criteria
By default, all identity data ingested from the orchestrated system is available to the access review campaign. This may be a large amount of data, so selection criteria allow you to narrow the criteria available for the campaign:
- Who has access: Selecting review criteria to filter users based on standard (Organization, Job, Location), or custom attributes.
- What they are accessing: Selecting review criteria to filter users based on resources they have access to
- Which permissions: Selecting review criteria to filter users based on individual permissions, such as create, update, terminate, or approve, or access bundles
Note:
Access bundles are identified with theicon. If you click on the icon, the Access bundle details pop-up displays, showing you what permissions are included in the access bundle.
- Which roles: Selecting review criteria to filter users based on application roles.
- Which cloud providers
Note:
- The selection criteria vary based on the ingested data from the orchestrated system and a few tiles listed above may not be available for selection. For example, if no roles are available in the orchestrated system schema definition, then you won't see the Which roles tile.
- If you select any of the identity parameters above, policy criteria selection (which policies?) is no longer applicable and is disabled.
These criteria can be chosen and edited in any order before moving on to the next step. If you do not need to update each dimension, you can select any number from those above, and leave the remaining unchanged. If you do not need to narrow the criteria for your enterprise, then you can choose to move to the next step without adding any selection criteria. All criteria can be searched by name
Note:
The following combinations are not supported and are mutually exclusive, that is you can select only one of the two while creating a campaign:- Which permissions and Which roles
For example, you can create a campaign by selecting Who has access?, What are they accessing?, and Which roles? but you cannot create a campaign with the combination of Who has access?, Which roles?, and Which permissions?
Assign Workflow
The Assign Workflow step is where the approval workflow for your access review is selected.
Add Details
With the Add Details step, you can define the frequency (one-time or periodic) at which to run an access review campaign, give a meaningful name to your campaign, add a supporting description, and assign values to additional attributes, such as who owns it and when the campaign should start or end.
For information about Oracle's commitment to accessibility, visit the Oracle Accessibility Program website at http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc.
Access to Oracle Support
Oracle customers that have purchased support have access to electronic support through My Oracle Support. For information, visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=info or visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs if you are hearing impaired.