> For the complete documentation index, see [llms.txt](https://docs.veza.com/4yItIzMvkpAvMVFAamTf/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.veza.com/4yItIzMvkpAvMVFAamTf/features/access-reviews/how-to/reviewer-interface.md).

# Using the Reviewer Interface

### Overview

The review interface is a spreadsheet-style view for approving or rejecting different types of entities and access relationships. The review scope and [Review Presentation Options](/4yItIzMvkpAvMVFAamTf/features/access-reviews/configuration/presentation-options.md) dictate how query results appear in the reviewer interface, and what types of entities are source, destination, or intermediate nodes.

The reviewer's interface implements strict role-based access controls:

* *Review creators and administrators* have full visibility into all rows and review metadata. This includes all reviewer assignments and overall progress.
* *Access Reviewers* only have visibility into rows assigned to them and cannot see the full review metadata. They *can* see their individual progress, including the number of items they have acted on or completed and their total assigned rows.

Reviewers use this page to:

* Approve or reject their assigned rows.
* Assign other reviewers for a row.
* Sign-off on their decisions.

Operators and administrators can use the reviewer's interface to:

* Annotate rows and mark rejected rows as "Fixed."
* View and edit review details, notifications, and Veza Actions.
* Review overall progress, action logs, and automation status.
* Mark the review "Complete" after all rows have decisions.
* Export the view to share findings or import rows into another system.

The sections below describe actions and features after opening a review as an operator or access reviewer:

### Accessing the reviewer interface

#### Opening the reviewer interface

You can access the reviewer interface from the **Access Reviews** overview. Click a review name on the **Active Reviews** tab to open it.

To open the results of an active review for a single configuration:

1. Find the configuration on the **Access Reviews** > **Configurations** list.
2. Click a configuration name to open the details page.
3. Find a review on the list of **Active Reviews** and click **Open** to open it.

### Reviewing and managing rows

#### Row actions

Apply actions to individual results using the dropdown menu (⠇) to the right of each row. The available actions vary depending on your role and the row's state.

* *Approve*
* *Reject*
* *Re-assign reviewer*
* *Sign off*
* *Add Note*
* *Clear Decision*
* *Mark as Fixed*
* *Open in Graph Builder*

Note that decisions can be reverted until they are signed off.

See [Assign Reviewers](/4yItIzMvkpAvMVFAamTf/features/access-reviews/how-to/assign-reviewers.md) for more details on assigning reviewers.

**Row action logs**

See all historical activity for a row by opening the action log:

1. Expand the row actions menu.
2. Click **View Action Log**.
3. Review the events by type, description, user, and timestamp.

**Row fixed status**

Administrators can denote rejected rows as fixed following remediation.

"Fixed" is a unique state that denotes an access rejection is successfully remediated. Depending on your system settings, you can require that access reviews cannot be marked complete until all rows are either "Approved" or "Fixed."

To update the fixed status of a row:

1. Expand the actions menu for a **Rejected** row.
2. Click **Mark as Fixed**.

**Risk visibility in the side panel**

When Access Intelligence is enabled, clicking the **Risk Score** value in the review table opens the row details panel to the **Risks** tab. This tab shows all contributing risk factors for every entity in the access path, including:

* Risks for source entities (the identity under review)
* Risks for destination entities (resources being accessed)
* Risks for waypoint entities (intermediate groups or roles)
* Risks for joined nodes (associated IdP users)

For details on the Risk Score column and how to use it during reviews, see [Access Path Risk Score](/4yItIzMvkpAvMVFAamTf/features/access-reviews/how-to/access-path-risk-score.md).

#### Annotating rows

Use the **Add Note** action to document a decision, suggest a resolution, or leave a comment on any row. Notes are visible to the review owner and other reviewers assigned to the row.

Reviewers can be required to add a note when they approve or reject access, depending on [Access Reviews Settings](/4yItIzMvkpAvMVFAamTf/features/access-reviews/configuration/access-review-settings.md).

To add a note to a row, use a bulk action or the row actions dropdown.

* Adding a note replaces the current one.
* Only the most recent note appears in the "Notes" column.
* Earlier entries are available under **Actions** > **View Action Log**.

{% hint style="info" %}
Depending on how your organization has configured Veza, marking a row as rejected can create a ticket in an ITSM system such as ServiceNow or Jira. See [Veza Actions](/4yItIzMvkpAvMVFAamTf/features/access-reviews/configuration/veza-actions.md) for how this is configured.

When a row is linked to an ITSM ticket, the **Request Number**, **Request Status**, **Request URL**, and **Request Last Updated At** columns (fields `itsm_request_number`, `itsm_request_status`, `itsm_request_url`, and `itsm_request_last_updated_at`) can display the ticket details. These columns are hidden by default. See [Customizing Default Columns](/4yItIzMvkpAvMVFAamTf/features/access-reviews/configuration/columns.md#itsm-request-columns) to make them visible.
{% endhint %}

#### Compare with prior review

The **Compare with prior review** view shows the current review's rows side-by-side with the most recent prior review produced from the same Configuration. Use it to see what changed since the last cycle and to focus reviewer effort on the deltas.

To open the comparison view:

1. From the reviewer interface, click **View** > **Compare with prior review**.
2. The Reviews page reloads with each row annotated with its diff status: **Added**, **Changed**, **Removed**, or **Unchanged**.

Group by diff status from the **Grouped by** dropdown to keep added, changed, and removed rows visually separated from unchanged rows.

The prior-review comparison only applies between reviews produced from the same Configuration. Reviews created from different Configurations are not compared, even if they reference the same query.

#### Persistent sign-off footer

Once at least one row in the review has a decision waiting to be signed off, a persistent footer appears at the bottom of the page with running counts of **Approved** and **Rejected** decisions, and a button to commit them. The footer stays visible as the table scrolls.

* The default scope is all unsigned-off decisions in the current view (current filters and groupings applied).
* Selecting one or more rows narrows the scope to the selected rows. The footer counts update to reflect the selection, and **Sign off** applies only to those rows.
* The one-click **Approve and sign off** action appears in the top toolbar when one or more rows are selected, for users who prefer to commit decisions immediately.

#### Tags in the reviewer interface

To show tags in the reviewer interface, source and/or destination tags must be included in review configuration (Advanced Options).

When enabled, all tags are shown in an additional column. Click a tag key to show the tag values.

An administrator can enable tags to appear as attributes in the reviewer interface by promoting individual tag keys. These keys are shown in columns, displaying the tag value for each row. See [Promoted Tags](/4yItIzMvkpAvMVFAamTf/developers/api/tags/promoted-tags.md). You can apply Veza tags to entities with an API or from the Graph search sidebar.

#### Show access for a single user

**Early Access**: The option to filter by a user is currently provided as an optional feature and must be enabled by the Veza support team.

When reviewing access for a few different identities, it can be helpful to focus on rows related to a single user in the results. You can use the **Show Users** button to list each unique user involved in a review and open a filtered list of all the results related to an individual user.

![Quickly filter on a single user](/files/jAtAiVwtpjtHam3WAIr5)

To filter the reviewer interface on rows related to a single identity:

1. Click the **Show Users** button above the results. The button only appears when the query's source node is a *principal*.
2. The list of **Unique Users** will open, containing the full list of unique source entities in the query results.
3. Choose an identity from the list. You can search by username, id, or email address to find a specific user.
4. Click **View Details** to open the results related to that user in a new tab.

Note that in the current release, for users with the access reviewer role, the **Show Users** button lists *all unique users in the review*, which can include users from rows that are not assigned to the current reviewer.

#### Exporting review rows

Owners and administrators can export rows directly from the reviewer interface. CSV exports include all entity attributes and row metadata, suitable for importing into another tool. PDF exports include a title page and additional pages for metadata about the overall review status.

![Exporting rows in the reviewer interface.](/files/p3r412sLY0VaaU436O6P)

{% hint style="info" %}
When Access Intelligence is enabled, the `access_path_risk_score` field is included as an integer in CSV and XLSX exports.
{% endhint %}

To download row metadata in CSV format:

1. From the reviewer interface, click **Export** > **Export to CSV**.
2. Enter a name for the downloaded file.
3. Choose specific columns to export, or export all columns by default.
4. Add transformations to convert Column Names > Export Names.
5. Click **Export**.

To export rows in PDF format:

1. From the reviewer interface, click **Export** > **Export to PDF**.
2. Enter a name for the downloaded file.
3. Enter a title for the document cover page.
4. Pick columns to include (up to 12).
5. Reorder and transform column names for readability.
6. Click **Export**.

### Customizing the reviewer interface

By default, the reviewer's interface shows each row's source (usually a user or other principal) name and type, effective permissions (if available), and the name and type of destination entity (usually a resource). Reviewers can resize, rearrange, and show or hide columns to focus on critical details. Any changes are saved to the browser.

Administrators can change the default columns for all reviews or customize review columns for a particular configuration. To set defaults directly from the reviewer interface, click **Admin** > **Set Columns as Default** after arranging columns to the desired layout. For the full column syntax reference and API-based configuration, see [Customizing Default Columns](/4yItIzMvkpAvMVFAamTf/features/access-reviews/configuration/columns.md).

#### Show enriched columns in the review interface

Access reviews involving local user accounts that are associated with external IDP users can optionally support an **IDP User** column group. This group contains attributes specific to external users associated with the source user.

Reviewers and Operators can use the column selector to display these additional IDP User fields, such as risk score, title, department or activity status. These columns will be empty for local users without an ßassociated IDP user:

![Enabling IDP User columns in the reviewer interface.](/files/mnu3ogLiaUi23leozMaC)

### Completing a review

After all results are signed-off, operators can click **Complete** to finish the review, preventing further changes:

1. Open the reviewer interface.
2. Click *Complete* at the top right to finish the review.

See [Access Reviews Settings](/4yItIzMvkpAvMVFAamTf/features/access-reviews/configuration/access-review-settings.md) for more information about possible completion settings for your tenant.


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.veza.com/4yItIzMvkpAvMVFAamTf/features/access-reviews/how-to/reviewer-interface.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
