Reviewer Selection Methods

Configuring fallback behavior for reviewer auto-assignments.

Overview

When creating a review or choosing to Reassign Reviewers, administrators can assign one or more default reviewers for all rows and auto-assign reviewers for individual rows. When auto-assigning reviewers, fallback reviewers are used for any rows where an owner or manager cannot be identified, or would be prevented from review for any reason.

This document describes how possible candidates are evaluated, and the behavior when a reviewer can’t be found or automatically assigned. The Veza support team can help you customize reviewer selection methods for your tenant.

Learn more:

Managers and Resource Owners: Enable auto-assignment of a manager or resource owner.
Self-review Prevention: Block users from reviewing their own access.
Manage Reviewer Deny List: Maintain a list of users prevented from reviewer assignment.
Delegate Reviewers: Appoint users as subordinate reviewers in the place of specific users.

Reviewer selection logic

Rows in an access review can be assigned to the possible candidates:

Reviewers: Default reviewers assigned to all rows, specified at review creation. There can be more than one default reviewer for a review.
User Managers / Resource Owner: A user identified as the manager of the employee whose access is under review, or a resource owner.
Fallback Reviewers: Assigned when a user manager or resource owner cannot be found, or if a rule would prevent assignment (such as self-review prevention or the reviewer deny list). There can be more than one fallback reviewer.

Veza uses the following logic when assigning reviewers for a new review, and when rows are re-assigned after review creation:

Reviewers are all candidates for assignment. User and Resource Managers are also candidates.
Fallback Reviewers become candidates when no candidates are available or allowed for assignment.
If a rule prevents a candidate's assignment, the other specified Reviewers are assigned.
If all candidates are not allowed, Veza will try to assign alternate reviewers based on the selection method.

Changing the reviewer selection method

When a valid candidate can’t be found, Veza can assign that reviewer's manager, fallback reviewers, the workflow creator, or a Veza local user with the administrator role.

The Veza Customer Success team can change this global setting to enable any of the following selection methods. If the first selection method can find at least one allowed alternate reviewer, the user is assigned. Otherwise, the next selection method is attempted. Possible selection methods are:

REVIEWERS_MANAGER | Assign the manager of the prevented candidate.
CERTIFICATION_ALTERNATE_REVIEWERS | Assign to the first valid Fallback Reviewer, for certifications created using auto-assignment.
WORKFLOW_CREATOR | Assign to the workflow creator.
ADMIN | Assign to an arbitrary local Veza admin user.

For example, with the selection methods:

"value": {
    "selection_methods": [
        "REVIEWERS_MANAGER",
        "CERTIFICATION_ALTERNATE_REVIEWERS"
    ]
}

Veza will not assign the workflow creator or a system administrator as a fallback behavior. Instead, Veza will:

Assign the denied candidate's User Manager (if allowed).
Otherwise, assign the first valid Fallback reviewer.
Assign no reviewers for results where a valid manager or fallback reviewer does not exist.

PreviousReview Presentation Options NextAccess Review Scenarios

Last updated 2 months ago