1. Using Advanced Controls
  2. Review a Role Request

Review a Role Request

A request approver may not have immediate knowledge of the person for whom a role is requested. So the purpose of a review is for an informed person, such as the user's manager, to provide input to the request approver. But the reviewer's input is purely advisory; the request approver isn't bound by it.

You can review a role request only if a request approver selects you as its reviewer. It's possible for the approver to make a final decision on the request without selecting a reviewer, in which case the review process is skipped. If you're selected, complete this procedure:

  1. Open the Access Request Reviews dashboard. From the Pending Review list, click the ID for the request you want to review.

  2. In the summary record of the request, click the name of a role you're reviewing, to open its details drawer. Look over information about the data request associated with the role and the user to whom the role is to be assigned. Also, if access controls were active when the request was made, go over the controls that have been violated and the conflicting roles those controls have identified.

    You may be asked to review multiple assignments of a single role to a single user, each with its own security context. If so, then even though they're related, you can accept or decline the risk for each of them independently of one another.

  3. Close the details drawer for the role you're reviewing. In the summary record, accept or decline the risk:

    • A request may be for one role. Or it may be for multiple roles, but you want to review them individually to make differing judgments. For each role, click the Accept Risk icon (a check mark in a circle) or the Decline Risk icon (the × symbol in a circle). In either case, a drawer opens. In it, write a justification for your decision (this is mandatory) and click either an Accept Risk or Decline Risk button.

    • If the request is for multiple roles, you may choose to accept or decline all of them at once. Expand the Actions menu and select its Accept All or Decline All option. This opens the same Accept or Decline drawer, which you'd complete in the same way. But, of course, your decision would apply to all the requested roles.

  4. Depending on your decision, you can click the Accepted Risks or Declined Risks filter to review your work. Or, for a multiple-role request, click the Pending Review filter to list roles you've yet to act on.