Role Membership and Entitlement Owner Access Reviews
Role Membership and Entitlement Owner access reviews share a common user interface. The access review might look different in your instance of IdentityIQ depending on the configuration and the options selected when the certification was defined. These are all object list-type certifications.
For detailed information on certifications and access reviews, see About Certifications.
For detailed information on completing an access review, see Access Review Decisions / Operations.
Access Review Details – Object List
The object list is composed of all roles or entitlements that are part of this access review.
The object list page contains three tabs:
- Important – contains items that require immediate attention, such as returned delegations.
- Open – all of the other access review items that have yet to be acted upon.
- Review – the items on which a decision has been made.
By default the page opens with the Important tab displayed, if there are issues that require immediate action.
Object List Page Features
The following features are available for all of the tabs:
- Object list icon -- click the icon to display a list of the items that make up the access review.
- Download to CSV icon -- click the icon to download the access review list to a CSV file.
- Information icon -- click the information icon to get details about the access review, including due date, owner, phase, number of completed items and revocations.
- Columns -- add, remove, or rearrange the columns displayed on the page.
- Group By -- rearrange the sort order of items on the page.
- Filter -- use a filter to limit the items displayed.
- Bulk Decision button -- make the same decision for multiple items. If only one action is applicable, that action appears on the button.
- Bulk select / deselect -- click the box on the header line and choose to select or deselect multiple items.
- Access Recommendations -- display the Decision Recommendation popup.
The access recommendations icon is only displayed if SailPoint AI-Driven Identity Security was purchased and activated for your installation of IdentityIQ. Access recommendations are not available on Entitlement Owner certifications. See About SailPoint AI-Driven Identity Security for more information.
Important Tab
The Important tab contains the following information:
Note
The Important tab is not displayed if no urgent issues exist.
Entitlement List - Important Tab
Column | Description |
---|---|
First Name | The first name associated with the item that requires access review. |
Last Name | The last name associated with the item that requires access review. |
Display Name | The entitlement name used throughout IdentityIQ. |
Attribute | The attribute with which the entitlement is associated. |
Account Name | The name of the account with which the entitlement is associated. |
Description | Description of the entitlement. |
Return Comment | Any comments associated with this item. |
Decision | The decision made by the reviewer to whom this item was delegated, or by the user from whom it was revoked. |
Role Membership List - Important Tab
Column | Description |
---|---|
First Name | The first name associated with the item that requires access review. |
Last Name | The last name associated with the item that requires access review. |
Role | The name of the role. |
Description | Description of the role. |
Classifications | For Role Membership reviews only. This column appears if Show Classifications was enabled for the certification. If an entitlement has classification data associated with it, a classification icon appears in this column to flag that the permission gives access to potentially sensitive or otherwise protected data. Click the icon to see details about the classification. |
Return Comment | Comments from the reviewer to whom the decision was delegated. |
Role Application | The application with which the role is associated. |
Decision | The decision made by the reviewer to whom the decision was delegated. |
Delegated items are still part of this access review and must be acted upon before it is complete.
Use Reassign to reassign the policy violation decision to another user.
Open Tab
The Open tab contains the following information:
Entitlement List -- Open Tab
Column | Description |
---|---|
First Name | The first name associated with the item that requires access review. |
Last Name | The last name associated with the item that requires access review. |
Display Name | The entitlement name used throughout IdentityIQ. |
Attribute | The attribute with which the entitlement is associated. |
Account Name | The name of the account with which the entitlement is associated. |
Description | Description of the entitlement. |
Role Membership List -- Open Tab
Column | Description |
---|---|
First Name | The first name associated with the item that requires access review. |
Last Name | The last name associated with the item that requires access review. |
Role | The name of the role. |
Description | Description of the role. |
Classifications | For Role Membership reviews only. This column appears if Show Classifications was enabled for the certification. If an entitlement has classification data associated with it, a classification icon appears in this column to flag that the permission gives access to potentially sensitive or otherwise protected data. Click the icon to see details about the classification. |
Return Comment | Comments from the reviewer to whom the decision was delegated. |
Use the Decision column to Approve or Revoke the item, or click the menu icon to display additional options: Allow, Delegate, Revoke Account, Comment, History, Account Details.
Click the recommendation icon for details about the recommendation. The access recommendations icon is only displayed if SailPoint AI-Driven Identity Security was purchased and activated for your installation of IdentityIQ. Access recommendations are not available on Entitlement Owner certifications.
See About SailPoint AI-Driven Identity Security for more information.
Revoking an account affects all roles or entitlements with which it is associated.
Delegated items are still part of this access review and must be acted upon before it is complete.
Use Bulk Decisions to make a decision for multiple items or reassign items to another decision maker.
Review Tab
The Review tab contains all of the items upon which a decision has been made. Click the menu icon in the Decision column to change or undo a decision.
Click the automatic approval icon for details about the approval. The automatic approval icon is only displayed if SailPoint AI-Driven Identity Security was purchased and activated for your installation of IdentityIQ. See About SailPoint AI-Driven Identity Security for more information.
How to Perform an Object List Access Review
Note
The options available in an access review depend on the configuration of IdentityIQ and the options defined when the certification was scheduled.
Note
Use Bulk Decisions to reassign items to another decision maker.
- Access the object list details from the My Access Reviews page or directly from your Home page.
- Select items individually and select an action in the Decision column.
  --- OR ---
  Select multiple items and select an action from the Bulk Decision list.
- Click Save Decisions to move the completed items to the Review tab.
  Note
  Automatically approved items are displayed on the Review tab where you can accept the approval or change the decision as needed.
- Review your decisions on the Review tab and make any required changes.
- When all decisions have been made, click Sign-Off Decision to display the Sign Off on Certification dialog.