Review Process

The review process involves a review of permissions, access certification, access requests, or access fulfillments.

A review process consists of one or more levels, each level containing one or more reviewers. The reviewed permissions and violations move through the process from the reviewers on the first level through the last level.

Each reviewer decides whether to approve or revoke a given permission or violation. If there are multiple reviewers on a given level, the administrator can configure that level to require the approval of only one, or all, of the reviewers.

There are two types of review processes:

Static

Defining all reviewers at each level statically, disregarding the groups to which they belong.

Dynamic

Defining all reviewers at each level dynamically, based on the content of a permission field.

Reviewers can review many permissions during the review process. Each permission consists of several entities, consisting of these and other details:

  • User

  • Group

  • Business Resource

  • Permission Types

The permissions in the table below can serve as a simple illustration of a review process.

User

Group

Business Resource

Permission Type

Fatima

Engineering

C:\R&D

Read

Lucas

Accounting

C:\Finance

Full Control

John

Legal

C:\Legal

Read/Write

The determination of the identity of the reviewer for the permissions to review is based on the values in the Group Column, for example:

  • Chen will review the Engineering group

  • Ahmad will review the Accounting group

  • Emma will review the Legal group

To accomplish this, we must provide File Access Manager with a Data Source having these conditions, mapped in a specific format.

Mapping identifies:

  • Reviewer: User or Group

  • Reviewer Name

  • Reviewer Domain

The Data Source must contain a list of conditions that map a value to one or more reviewers.

A permission can consist of multiple fields, such as User Domain, User Type, Group Domain, Group Type, Permission Type, and the enriched fields of each basic entity.

Dynamic review process types include:

Dynamic Applications

Includes permission entity fields (User, Group, Business Resource, and Permission Type) used in review decisions. These review processes are relevant to campaigns in which the scope contains either an application or a BR of a single application.

Dynamic Identity Collector

Includes User/Group entity fields used in review decision. These review processes are relevant to campaigns in which the scope contains multiple applications or BRs that share the same identity collector.

Review process activities include:

  • Create a review process

  • Edit a review process

  • Delete a review process