
Reviewing user access

Roles and permissions

The following roles can review user access for an access review:

  • Administrators who have been assigned as the Reviewer for user records in the access review

  • Compliance managers who have been assigned as the Reviewer for user records in the access review

  • Users who have been assigned as the Reviewer for user records in the access review

Reviewing user access can be done by one or more people in your organization. For example, managers or team leads could review user access to an application for their group of direct reports, or the application administrator could review access for everyone.

Note

The review status must be In Progress to edit user access records. If the access review is still in Setup, click the Launch button in the banner above the records to set the status to In progress. See Setting access review status.

To review user access to an application:

  1. From the left menu, select Access reviews.

  2. Select the access review you want to update.

  3. Select the Review tab.

    A dashboard of Applications to review displays.

  4. Click the card for the application you want to review.

    A list of users displays. Unless you are the owner of the access review, you only see the records assigned to you to review or update.

  5. For each user, click either Yes or No in the Maintain access column.

    • If you select Yes for a user, no further action is needed. That user's access will be maintained as it is. The fields in the Access updated column are grayed out and can't be edited because the user's access doesn't need to be updated.

    • If you select No, the Access notes window displays.

      1. Under What change is needed? select either Remove access or Change access.

      2. In the text field, enter any pertinent information about the updates that need to be made to this user's access.

      3. Click Save.

        The fields in the Access updated column are white, indicating that the sysadmin can modify them when the updates are complete.

Review page fields

The review page includes the following information.

Field

Definition

(# Records)

The number of user records included in the access review.

Status

Statuses include:

  • Not started - Reviewer has not entered a response under Maintain access.

  • In progress - Reviewer has entered No under Maintain access, meaning an update to the user account is required.

  • Complete - Reviewer has entered Yes under Maintain access or the sysadmin has entered a response under Access updated.

Account to review

Full name and username or email of the user whose access is being reviewed.

Note

If both username and email were included when creating the application user list, the username takes precedence and is displayed. Email is hidden.

Role

Role assigned to the user for this application, such as user or administrator. Role names are determined by the application.

Last login

The last time this user logged into the application being reviewed. Use this date to locate accounts that are no longer being used.

Job title / Department

The job title and department of the user being reviewed. This information is pulled from the employee directory and is matched to the user record based on the user's email address. If the email address is not available, Hyperproof tries to match based on the user's full name.

Employment status

The user's employment status. This information is pulled from the employee directory and is matched to the user record based on the user's email address. If the email address is not available, Hyperproof tries to match based on the user's full name.

Maintain access?

(At current role)

Indicates whether or not the user should maintain their current access to the application. Options include:

  • Yes - Indicates that user access should not be changed and locks the fields in the Access updated column because they are unnecessary.

  • No - Indicates that user access should be changed. Requires that you enter additional information in the Access notes field. Enables the fields in the Access updated column.

Access notes

Notes containing information about the access changes needed for a user. Notes are required for any user where the Maintain access field is set to No. To update or add a note, click in the notes field.

Access updated

Indicates whether or not the user's access has been updated in the application. This is where the person responsible for updating user access attests that the update has been done. Options include:

  • Yes - Indicates that the user's access has been changed for the application being reviewed.

  • No - Indicates that the user's access has not been changed. Requires that you enter additional information in the Sysadmin notes field indicating why the changes were not made.

Sysadmin notes

Notes about updating a user's access. Notes are required for any user where the Access updated field is set to No, indicating that the requested updates were not done. For example, if a user is on a temporary leave, it may be better to suspend the user account than to remove permissions. When the user returns, you can reinstate their account without having to reconfigure all of the permissions.

To update or add a note, click in the notes field.

Reviewer

Name and email address of the person reviewing the selected record. Reviewers can only see the records assigned to them unless they are the owner of the access review.

Sysadmin

Name and email address of the person attesting to the access updates for the selected user record. The Sysadmin can only see records assigned to them unless they are the owner of the access review.

Groups

List of groups this user belongs to if groups are used to assign permissions.

Manager

Name and email address of the selected user's manager. This information is pulled from the employee directory and is matched to the user record based on the user's email address. If the email address is not available, Hyperproof tries to match based on the user's full name.
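
The Last login and Employment status fields, together with the email-then-full-name matching described above, can be combined into a triage pass that tells a reviewer which records to look at first. This is an added example, not Hyperproof code or a Hyperproof export format: the record layout, the 90-day threshold, and the choice to treat a full name shared by several directory entries as unmatched are assumptions.

```python
from datetime import date

# Constructed sample data. Field names are assumptions, not a Hyperproof format.
DIRECTORY = [
    {"email": "ana@example.com", "name": "Ana Ruiz", "status": "Active"},
    {"email": "bo@example.com", "name": "Bo Chen", "status": "Terminated"},
    {"email": "sam.lee@example.com", "name": "Sam Lee", "status": "Active"},
    {"email": "s.lee@example.com", "name": "Sam Lee", "status": "Terminated"},
]
APP_USERS = [
    {"account": "ana@example.com", "name": "Ana Ruiz", "last_login": date(2024, 5, 20)},
    {"account": "bo@example.com", "name": "Bo Chen", "last_login": date(2024, 5, 1)},
    {"account": "slee", "name": "Sam Lee", "last_login": date(2023, 11, 2)},
    {"account": "svc-backup", "name": "Backup Service", "last_login": None},
]

def match_directory(user, directory):
    """Match on email first, then on full name, as the field definitions describe."""
    account = user["account"].lower()
    for entry in directory:
        if entry["email"].lower() == account:
            return entry, "email"
    same_name = [e for e in directory if e["name"].lower() == user["name"].lower()]
    if len(same_name) == 1:
        return same_name[0], "name"
    # Assumption: a shared name counts as no match rather than guessing a person.
    return None, ("ambiguous name" if same_name else "not found")

def triage(users, directory, today, stale_days=90):
    """Return {account: [reasons]} for records a reviewer should look at first."""
    flagged = {}
    for user in users:
        reasons = []
        entry, how = match_directory(user, directory)
        if entry is None:
            reasons.append(f"no directory match ({how})")
        elif entry["status"] != "Active":
            reasons.append(f"employment status: {entry['status']}")
        if user["last_login"] is None:
            reasons.append("no recorded login")
        elif (today - user["last_login"]).days > stale_days:
            reasons.append(f"last login {(today - user['last_login']).days} days ago")
        if reasons:
            flagged[user["account"]] = reasons
    return flagged

if __name__ == "__main__":
    for account, reasons in triage(APP_USERS, DIRECTORY, date(2024, 6, 1)).items():
        print(account, "->", "; ".join(reasons))
```

Accounts that come back with no directory match are typically service or shared accounts, or records where only a username was supplied, and need an owner identified before Maintain access can be answered.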