🔏Access Reviews
Veza Access Reviews enable critical business processes for examining and validating access rights on your organization’s applications, systems, and resources.
Last updated
Veza Access Reviews enable critical business processes for examining and validating access rights on your organization’s applications, systems, and resources.
Last updated
Welcome to the Access Reviews product documentation!
Reviews leverage the Veza graph to provide repeatable and scalable certification campaigns for user access and entitlement review. Depending on your organization and compliance requirements, the scope of review might include user access to data, resource entitlements, roles, groups, policies, or any other source > destination relationship discovered by Veza. Access reviews can involve IdP identities, local users, service accounts, or any other entity Veza has discovered.
Access Reviews support many assigned users per review, with options for manual assignment after review creation. A mobile device experience provides simplified filtering, bulk actions, and reassignments for reviewers on the move.
The reviewer's interface presents the access under review in a spreadsheet-like format, with columns showing attributes and details such as roles, groups, permissions, and decisions. Reviewers can open an assigned review to approve or deny the level of access according to business policy and compliance requirements. Typically, these users are compliance engineers, managers, and system or data owners with the Access Reviewer role.
When conducting a review, users will review each assigned row to take action and leave notes on each result. If the original reviewer cannot decide, they can re-assign the row to another user in the organization. Reviewers can sort, filter, and act in bulk for efficient workflows.
Downstream system integrations enable remediation processes. Email notifications keep stakeholders informed when decisions occur, deadlines approach, and reviewers are (re)assigned.
While the original review configuration search conditions can be edited, the final decisions and the relationships under review are immutable. Completed reviews represent a snapshot of all decisions: immutable and vault-ready evidence for internal and external auditors.
The following topics can help you familiarize yourself with Access Reviews concepts and workflows:
For more information, see the rest of the Access Reviews documentation. Expand the section on the left navigation to view all topics, or use the quick links for popular pages:
