Skip to content

Passing Access Reviews to Others

Sometimes you may need someone else's input on an access review, or you may even need someone else to handle the review entirely. There are three ways to pass a review along to someone else, and each involves different levels of ownership or responsibility both for you and for the person you pass it to. These options are all things that the system administrator or certification owner can configure, so your ability to use any of these methods in your review will depend on how the certification has been set up.

Delegating Reviews

When you delegate a review item to someone else, you are allowing that person make the decisions and return the item to you, so that you can review it, accept or change their decision, and then sign off. With delegation, the original reviewer still retains ultimate control of the decision and the sign-off.

When the certification owner sets up the certification, they can configure it so that you can delegate an entire identity, or so that you can delegate individual access items one by one.

When you delegate a review, you choose who to delegate it to, and can enter comments to explain why you have delegated or to give instructions. Delegated items are listed in your Open tab and are labeled as delegated. The 3-line menu gives you options for viewing any decisions made by the person you delegated to, as well as history, details, and comments.

Reassigning Reviews

Reassigning is different from delegating, in that reassigned items are no longer the responsibility of the original reviewer. The person the items are reassigned to assumes complete responsibility for all decisions on those items, and must sign off on those decisions themselves. However, the original owner of the overall access review (that is, the person doing the reassigning) typically still retains responsibility for making sure the person the items were reassigned to completed the review.

Reassigning is done through the Bulk Decisions menu, even if you only want to reassign one item. Depending on how the certification was configured, you can reassign the whole identity, a single line item, or a specific set of items in bulk. When you reassign items, they no longer appear in your own list of access review items.

The default behavior for a reassignment is that the person who reassigns the items cannot sign off on their own certification until the reassigned items are completed and signed off by the person you reassigned them to. This means that although you are no longer responsible for the decisions in the certification, you still retain responsibility for making sure the new reviewer completes their review. However, there is a configuration option in the Certification setup that lets you override this requirement, so that the original owner can sign off on his or her own reviews even if some or all of the reassigned items are still pending action.

Forwarding Reviews

Forwarding a review means you relinquish all responsibility for the access review. You can not retract it, or even see what activity has occurred in the review – you pass all responsibility to the new owner, including the ability to change any decisions you may have already made.

Forwarding is done at the overall review level, from the main access review listing. That is, you can forward an entire review, but you can't forward individual line items or identities within a review.

Automatic forwarding can be set up for an individual, or at the certification level, and is typically used in an out-of-office scenario. It may also be configured to make sure that certain users never get assigned reviews; for example, executives might forward all their reviews to an administrative assistant.

What Reviewers Can Do With Delegated, Reassigned, or Forwarded Reviews

Delegated Reviews

When you delegate a review item, the user you delegate it to can make decisions about access in the same way as you the original owner can. An important point about delegated items is that they show up for the new reviewer as a work item under the My Work > Work Items menu rather than in an access review. In the Work Items listing, the reviewer clicks View to review to open the review page.

The user can make the same kinds of review decisions in the work items view as a reviewer might make in the Access Reviews view, for example they can approve, revoke, revoke account, and allow exceptions.

The reviewer can choose to decide on only some of the items you have delegated. Once they have made and saved their the decisions, they click Save Decisions to save all their changes and enter comments. If the reviewer left any items undecided when they click Save Decisions, those will revert to you and will appear on your Open tab, for you to process. The items the delegated reviewer has decided on will appear in your Review tab.

The person you delegate to also has the option to reject something that has been delegated. If someone rejects items you have delegated to them, those items will come back to you for review, and will revert to you and will appear in your Important tab.

The person you delegate can also forward the items to someone else for review. If this happens, you as the original owner will see an update in your review: you will see the name of the new owner as the delegate, rather than the name of the person you originally delegated it to.

Reassigned Reviews

Reassigned items appear to the new reviewer as new Access Reviews. The new reviewer can take actions on the review items in the same way as the original owner would have done, including delegating, forwarding, or reassigning the items to someone else. Certifications can be configured to limit the number of times each item can be reassigned. The default behavior for reassignments is that the original owner can not complete the signoff of the main access review until the person who the items were reassigned to has completed, saved, and signed off on their decisions.

Forwarded Reviews

Forwarded reviews or review items become the full responsibility of the user they were forwarded to. The new owner processes these reviews in the same way as an original owner would, with all the same options. When a review or review items are forwarded, they can no longer be recalled or acted on in any way by the person who forwarded them.

Undoing Delegation and Reassignment of Reviews

Sometimes when you pass a review item or an entire review to someone else, you may need recall it for some reason. To recall a review:

  • For individual delegated items, click the decision menu for an item and choose Undo Decision. When you undo a delegation, any decisions made by the person you delegated to are undone.

Note

You can only undo individual line item delegation if the items were delegated individually. In other words, if you delegated an entire identity, you cannot recall items one by one. You will have to undo the delegation of the entire identity.

  • If you have delegated an entire identity, you can go to the List view, and click the Undo arrow beside the identity you have delegated to undo the delegation. When you undo a delegation, any decisions made by the person you delegated to are undone.

  • You can recall a reassigned review, to take ownership back from the person you reassigned to and return ownership to yourself. To recall a review that have been reassigned, click the info icon at the top of the review, then click Additional Reviews. This will show you all the items that have been reassigned. To recall the review, click the Return button and confirm that you want to return the item to yourself. You can also use the Email icon to send an email message to the reassigned reviewer.

  • For reassigned line items, if the person you reassigned something to has made a decision, you can still undo or change the decision, until the reassignment owner has completely signed off on his or her review.

  • Forwarded items cannot be recalled. Once you forward something, you no longer have access to it, and cannot recall it or edit it in any way.