Assign Reviewers

Overview

When creating a review, operators will specify one or more reviewers for all the rows. They can also automatically assign rows to the applicable user’s manager or resource owner when auto-assignment is available.

After creating a review as a draft, operators can assign reviewers for each row and validate auto-assignments. Once the review starts, reviewers can reassign their work to others as needed.

Reviews can involve many different reviewers, who might be assigned only some of the rows in a review:

• By default, the possible reviewers are Veza local users or external users who have logged in with single sign-on.

• Reviewers can have the "Access Reviewer" role which limits the reviewer to essential review functions within Veza Access Reviews. See User Management for possible user roles.

• See Configuring a Global Identity Provider to show all users in your organization as possible reviewers. This also enables manager auto-assignment.

• Veza can identify and assign Managers and Resource Owners as individual reviewers for each row.

• See Email Notifications and Reminders to inform reviewers and other stakeholders by email when rows are re-assigned or other actions occur.

Assign reviewers during review creation

When creating a review, operators may optionally assign one or more default reviewers. These reviewers are designated to act on all rows in the review.

To add default reviewers:

1. On the Configurations page, find the configuration you will create a review for.

2. Click the review name to open the Details page.

3. Click New Review to open the review creation wizard.

4. Under Assign Reviewers, choose users from the list to assign them as reviewers for all rows.

Auto-assign reviewers

Auto-assignment will delegate decision-making to users Veza can identify as the manager of an identity under review, or the owner of a resource the identity can access. Veza supports auto-assignment both for all rows at review creation, and for selected rows when re-assigning reviewers.

• Managers are identified by a user's manager attribute from the global IdP.

• Resource owners are identified by Veza tag on the destination resource, added by API or from the Access Visibility > Graph actions sidebar.

• Fallback Reviewers are assigned when a manager or resource owner cannot be found. Fallback reviewers are also used when a rule, such as a potential reviewer being on the deny list, would prevent the assignment.

To auto-assign reviewers when creating a review:

1. On the Configurations page, find the configuration you will create a review for.

2. Click the review name to open the Details page.

3. Click New Review to open the review creation wizard.

4. Under Assign Reviewers, enable an option to Auto-Assign Reviewers:

See Reviewer Selection Methods for more on fallback behavior and rules.

You must integrate a global identity provider (IdP) for Access Reviews to enable manager auto-assignment. For more details, see Managers and Resource Owners.

Reassign row-level reviewers

Once a review is in progress, operators and assigned reviewers can re-assign rows to another reviewer. In the reviewer interface, the Reviewers column shows any non-default reviewers for each row.

To reassign reviewers for a row:

1. Expand the row actions dropdown menu (⠇) and click Reassign Reviewers.
2. Choose from the list of possible reviewers to reassign the row, or enable an auto-assignment method:

Reassign row-level reviewers with a bulk action

In the reviewer's interface, you can use a bulk action to reassign many rows at a time:

1. Tick the boxes to enable bulk actions on several rows.

2. Click Reassign Reviewers above the table of results.
3. Assign reviewers by type to search for a username or email, or auto-assign the user manager or resource owner.

4. Confirm your selection and click Save.

See Filters and Bulk Actions for more information about combining bulk actions with filters for efficient review workflows.