Creating Access Reviews

Creating an access review is the first step to coordinating reviews and reviewers. For each access review, you will:

• Specify the review details, including name and type of review, who it will be performed by, and the review time frame.

• Specify the settings based on the type of review.

• Select the fields that the reviewer will see.

• Set up email alerts.

Types of Access Reviews

There are five types of access reviews:

• User to Role - The User to Role review allows Managers or Role Owners to review role assignments and determine whether they are appropriate in the target SAP system. When a review is completed, Access Risk Management deprovisions the access associated with any rejected roles. You can also manually deprovision access outside of an access review.

• Role to TCode - The Role to TCode review allows Role Owners to review and recertify that the transaction codes included in their respective roles are appropriate.

• User to Risk - The User to Risk review allows Managers or Risk Owners to review the list of users and the level of risk associated with their access. They can choose to approve or reject that access.

• Risk to Mitigating Control - The Risk to Mitigating Control review allows Risk Owners to review the risks that are mitigated by each mitigating control.

• Rulebook Details - The Rulebook Details review allows Risk Owners to review the details of each risk in the rulebook, such as risk rating, process area, and description.

Get started by selecting Access Reviewer and choosing Create Access Review.