Perform Access Reviews - Evaluate and Certify Access Review Tasks

As an Access Reviewer, you can certify access privileges using the My Access Reviews feature. You can accept or revoke identity accesses, group memberships, policies, or unmatched accounts. These tasks can be carried out by any active user associated with a specific approval workflow.

For example, if John is the reviewer for WorkflowA, and Susan is reviewer for WorkflowB, then John can access review tasks associated with WorkflowA. Susan can access reviews associated with WorkflowB. If we have Betty who is not associated with any approval workflow, then that user cannot perform tasks against any reviews.

You can bulk approve low-risk items, check the AI/ML-equipped prescriptive analytic insights, review high-risks items, and make informed decisions based on AI/ML-driven recommendations provided by Oracle Access Governance.

Review Identity Access Tasks

Identity Review tasks include certification of identity access rights, evaluating user accounts, permissions, and roles. These review tasks can be generated by Campaigns, User-Created Access Reviews, or identity events. Reviewers can make decisions from the My Access Reviews page, considering recommendations driven by prescriptive analytics.

Search a specific access review task by task name, across the available tabs. You can apply the suggested filters to view focused results. View the count of total review tasks for each review type assigned to you. By default, you will see the Identity review tasks tab.
Here's how you can accept or revoke identity access review tasks:
  1. In the Oracle Access Governance Console, select Access Reviews, and then My Access Reviews from the Navigation Menu navigation menu.
    The My Access Reviews page is displayed.
  2. Review the information listed for the assigned access review tasks. As a reviewer, you can see all the user-created, campaigns-initiated, and event-based review tasks.
  3. Review the recommendations.
  4. To view review insights, select the View link under Insights column, corresponding to each review tasks.
  5. Choose one of the options to make a review decision:
    • On the My Access Review page, corresponding to each review task, select the row-level tick icon tick icon to accept the access, or the cross-icon cross icon to revoke the access. Optionally, you may choose to reassign a review task.
    • On the My Access Review page, for each review task, select the check box, and then select the Accept button, or the Revoke button.
    • On the Insights page, select the Accept button, or the Revoke button.
  6. In the confirmation pop-up dialogue, add comments or justification for your action, and then select Submit.

    Note:

    • If you revoke an Account task, then it will auto action to revoke all the related entitlement tasks.
    • If you accept the only entitlement (Role or Permission) for an account, then it will auto action to accept the related Account task.
    • When you revoke a review item, the item is remediated automatically. A request is sent back to the orchestrated system to revoke the item. No manual steps are required.

Review Policy and Identity Collection with Access Control Tasks

Access control review tasks include certification of Oracle Access Governance policies, identity collections, or Oracle Cloud Infrastructure (OCI) Identity and Access Management (IAM) policies or OCI groups. These review tasks can be generated by user-created, or on-demand policy review or identity collection campaigns. Reviewers can make decisions from the My Access Reviews page, considering recommendations driven by prescriptive analytics.

Search a specific access review task by task name, across the available tabs. You can apply the suggested filters to view focused results. View the count of total review tasks for each review type assigned to you.
On the Insights page, you can view our recommendation for the review task. On the left-panel, you can view the policy details. You can view the association details for the policy, and view a series of review tasks initiated for that policy or identity collection since the time it was granted.
To perform an access control review task:

Accept or Revoke Policy Review Tasks

  1. In the Oracle Access Governance Console, select Access Reviews, and then My Access Reviews from the Navigation Menu navigation menu. The My Access Reviews page is displayed.
  2. Select the Access Control tab.
  3. Review the information listed for the assigned review tasks. As a reviewer, you can see all the user-created, campaigns-initiated review tasks.
  4. Look over the recommendations for each review task.
  5. To view insights and make decision, select the Actions link under Insights column, corresponding to each review tasks. The Insights page is displayed.
  6. Choose one of the options to make a review decision:
    • To review each policy statement individually, in the Access association section, select the row-level tick icon tick icon to accept the statement, or the cross-icon cross icon to revoke the policy statement. Optionally, you may choose to reassign a review task.
    • To accept all policy associations at once, select Accept all, or else select Revoke all.

    Note:

    The non actionable statements provide no access rights, therefore no action can be taken on those policy statements. For example, any rule statement that forms a construct which can further be used in other policy statements to provide access rights.
  7. Select Apply to save your decision. In the confirmation pop-up dialogue, add comments or justification for your action, and then select Submit.

Accept or Revoke Identity Collection Review Tasks

  1. In the Oracle Access Governance Console, select Access Reviews, and then My Access Reviews from the Navigation Menu navigation menu. The My Access Reviews page is displayed.
  2. Select the Access Control tab.
  3. Review the information listed for the assigned review tasks. As a reviewer, you can see all the user-created, campaigns-initiated review tasks.
  4. Look over the recommendations for each review task.
  5. To view insights and make decision, select the Actions link under Insights column, corresponding to each review tasks. The Insights page is displayed
  6. Choose one of the options to make a review decision:
    • To review membership for each identity within the identity collection, in the Included named identities section, select the row-level tick icon tick icon to accept the statement, or the cross-icon cross icon to revoke the policy statement. Optionally, you may choose to reassign a review task.
    • To accept all memberships at once, select Accept all, or else select Revoke all.

      Note:

      If you choose to review OCI IAM group membership and it contains members whose assignments are managed by Oracle Access Governance, then you can accept or revoke only the directly assigned members. For members managed by Oracle Access Governance, you must create a separate campaign for OCI Access Bundles using the Which permissions? tile in the Oracle Cloud Infrastructure (OCI) system. For more information, see Review Access to Systems Managed by Oracle Cloud Infrastructure (OCI).
  7. Select Apply to save your decision. In the confirmation pop-up dialogue, add comments or justification for your action, and then select Submit.

Review Unmatched Accounts with Ownership Tasks

Ownership review tasks include audit of unmatched accounts, initiated by event-based access reviews. These tasks help organizations review any unmatched accounts with identities in Oracle Access Governance. Reviewers can make decisions from the My Access ReviewsOwnership page, considering recommendations driven by prescriptive analytics.

Search a specific access review task by task name, across the available tabs. You can apply the suggested filters to view focused results. View the count of total review tasks for each review type assigned to you. On the Insights page, you can view our recommendation for the review task. On the left-panel, you can view the unmatched account information. On the right, you can view details, and make appropriate decisions based on them.
To perform an ownership review task:
  1. In the Oracle Access Governance Console, select My Access Reviews from the Navigation Menu navigation menu. You navigate to the My Access Reviews page.
  2. Select the Ownership tab.
  3. Look over the recommendations for each review task.
  4. To view insights and make decision, select the Actions link under Insights column, corresponding to each review tasks. The Insights page is displayed.
  5. To associate an identity with the unmatched account, click Select an identity button.
    1. In the Match account to identity panel, select the desired identity either from the Suggested identities or the All identities tab.
    2. Select Match.
    3. Select Apply to save your decision. In the confirmation pop-up dialogue, add comments or justification for your action, and then select Submit.
  6. To remove the unmatched account, select Remove. In the confirmation pop-up dialogue, add comments or justification for your action, and then select Submit. Optionally, you may choose to reassign a review task.

Review Resource Ownership with Ownership Task

Ownership review tasks include audit of ownership of Oracle Access Governance resources, initiated by ownership review campaigns from the Oracle Access Governance system. Reviewers can certify the current owners, change resource ownership, or reassign the review task to some other reviewer from the My Access ReviewsOwnership page.

Search a specific access review task by task name, across the available tabs. You can apply the suggested filters to view focused results. On the Ownership tab, you can apply filters using the Assignment type to view specific ownership task type. View the count of total review tasks for each review type assigned to you.

To perform an ownership review task:
  1. In the Oracle Access Governance Console, select My Access Reviews from the Navigation Menu navigation menu. You navigate to the My Access Reviews page.
  2. Select the Ownership tab.
  3. Apply filters using the Assignment type to view ownership task.
  4. To make decisions or change ownership, select the View link, corresponding to each review tasks.
  5. To change ownership of the resource, select the Change ownership button.
    1. In the Who is the primary owner field, select the desired identity to whom you want to assign as the primary owner.
    2. In the Who else owns it field, select one or more additional owners for the resources. You can assign up to 20 additional owners.
    3. Select Done.
    In the Ownership section, you can view the updated owners in the list.
  6. Optional: If you want to return to the original list of owners, select the Reset changes button.
  7. Once confirmed:
    • To save and certify the updated list, select Apply.
    • To certify the original list of owners, select Accept.
    Optionally, you may choose to reassign a review task.
  8. In the confirmation pop-up dialogue, add comments or justification for your action, and then select Submit.
As a resource owner, you can verify your changes by viewing the resource details, or by viewing the access details from the My AccessOwnership page.

Reassign a Review Task

Reassign a single or multiple review items to other reviewers. The review tasks are shifted from the original reviewer to the new reviewer. Only the new reviewer can see the reassignment details in the access review trail.

You cannot reassign self-review (one where a user is the beneficiary as well as the approver), delegated, or escalated review tasks. The Reassign button for these review tasks is disabled.
  1. In the Oracle Access Governance Console, select Access Reviews, and then My Access Reviews from the Navigation Menu navigation menu.
    The My Access Reviews page is displayed.
  2. Choose one of the options to reassign a review task:
    • On the My Access Review page, for each review task, select the reassign-icon reassign icon to reassign the access.
    • On the My Access Review page, select the check box at the row-level, and then select the Reassign button.
    • On the Insights page, select the Reassign button.
  3. In the Confirmation pop-up window:
    1. Select the reviewer to whom you want to reassign.
    2. Enter justification to reassign the review item.
    3. Select Submit.
      A confirmation message is displayed