
Reviewing user access

Roles and permissions

The following roles can review user access for an access review:

  • Administrators who have been assigned as the Reviewer for user records in the access review

  • Compliance managers who have been assigned as the Reviewer for user records in the access review

  • Users who have been assigned as the Reviewer for user records in the access review

One or more people in your organization can review user access. For example, managers or team leads could review user access to an application for their group of direct reports, or the application administrator could review access for everyone.

Note

The review status must be In Progress to edit user access records. If the access review is still in Setup, click the Launch button in the banner above the records to review to set it to In progress. See Setting access review status.

When a review is launched, Hyperproof creates a review task for each reviewer in the access review. If an assigned reviewer doesn't have an account in Hyperproof, they are invited to the organization and must accept the invitation before conducting a review.

Reviewers are notified that they have user accounts to review either via email or a task created in an integrated system, such as Jira. Notification emails and tasks contain a link reviewers can use to directly access the list of applications and users they need to review. Due to the sensitive nature of the data being accessed, reviewers are asked to log in to Hyperproof to conduct their review.

Note

If you access your review assignments using the link in the notification email or task, you can skip to the images in Step 5 and continue following the instructions from there.

To review user access to an application:

  1. From the left menu, select Access reviews.

  2. Select the access review you want to update.

  3. Select the Tasks tab.

    A list of tasks displays. Unless you are the owner of the access review, you only see the tasks assigned to you to review or update.

  4. Click your review task. Review task names start with the name of the assignee.

    The task Details panel displays.

  5. Click the Start review button.

    The applications and associated lists of users to be reviewed display.


    Note

    The content of the review window varies depending on whether you are just a reviewer or also a sysadmin for the same list of users. This window displays only the information you are responsible for reviewing or updating. For example, if you aren't the sysadmin for any records, the Access updated, Sysadmin notes, and Proof columns don't display.

  6. Select an application from the list on the left to begin reviewing users.

  7. For each user, click the green checkmark for Yes or the red X for No in the Maintain access column.

    • If you select Yes for a user, no further action is needed. That user's access will be maintained as it is. The fields in the Access updated column are grayed out and can't be edited because the user's access doesn't need to be updated.

    • If you select No, the Access notes window displays.

      1. Under What change is needed? select either Remove access or Change access.

      2. In the text field, enter any pertinent information about the updates that need to be made to this user's access.

      3. Click Save.

  8. If you have not completed all the reviews, click Save and close. You can return to the review task anytime to complete your review.

  9. If all reviews are completed, click Submit.

    A new window displays indicating that the task has been submitted. Submitting the review task sets the task status to Closed.

Reviewer window fields

Field

Definition

<Application name>

Displays a tab with the name of each application being reviewed. Click the name of the application you want to review.

Status

Statuses include:

  • Not started - Reviewer has not entered a response under Maintain access.

  • In progress - Reviewer has entered No under Maintain access, meaning an update to the user account is required.

  • Complete - Reviewer has entered Yes under Maintain access or the sysadmin has entered a response under Access updated.

Account to review

Full name and username or email of the user whose access is being reviewed.

Note

If both username and email were included when creating the application user list, the username takes precedence and is displayed. Email is hidden.

Role

Role assigned to the user for this application, such as user or administrator. Role names are determined by the application.

Last login

The last time this user logged in to the application being reviewed. Use this date to locate accounts that are no longer being used.

Job title / Department

The job title and department of the user being reviewed. This information is pulled from the employee directory and is matched to the user record based on the user's email address. If the email address is unavailable, Hyperproof tries to match based on the user's full name.

Employment status

The user's employment status. This information is pulled from the employee directory and is matched to the user record based on the user's email address. If the email address is not available, Hyperproof tries to match based on the user's full name.

Maintain access?

(At current role)

Indicates whether or not the user should maintain their current access to the application. Options include:

  • Yes - Indicates that user access should not be changed.

  • No - Indicates that user access should be changed. Requires that you enter additional information in the Access notes field.

Access notes

Notes containing information about the access changes needed for a user. Notes are required for any user where the Maintain access field is set to No. To update or add a note, click in the notes field.
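
The Last login, Employment status, and directory-matching fields described above lend themselves to a triage pass before answering Maintain access for each user. The following is an added example, not Hyperproof code and not part of the original page; it assumes the user list and employee directory are available as Python dicts with the hypothetical keys shown, a 90-day staleness threshold, and "Active" as the normal employment status.

```python
from datetime import date
STALE_AFTER_DAYS = 90  # assumed threshold; the page does not define one

def match_directory(account, directory):
    """Email first; full name only when the account has no email."""
    email = (account.get("email") or "").strip().lower()
    if email:
        hits = [e for e in directory if e["email"].lower() == email]
        method = "email"
    else:
        name = account["full_name"].strip().lower()
        hits = [e for e in directory if e["full_name"].strip().lower() == name]
        method = "name"
    # Treating duplicate names as "no match" is this example's choice.
    return (hits[0], method) if len(hits) == 1 else (None, None)

def triage(account, directory, today):
    reasons = []  # why a reviewer should look closely at this account
    entry, method = match_directory(account, directory)
    if entry is None:
        reasons.append("no unique directory match")
    else:
        if method == "name":
            reasons.append("matched by full name only")
        if entry["employment_status"] != "Active":  # "Active" is an assumed value
            reasons.append(f"employment status: {entry['employment_status']}")
    last = account.get("last_login")
    if last is None:
        reasons.append("no last login recorded")
    elif (today - last).days > STALE_AFTER_DAYS:
        reasons.append(f"last login {(today - last).days} days ago")
    return reasons

# Constructed sample data (not real accounts)
DIRECTORY = [
    {"full_name": "Ana Ruiz", "email": "ana.ruiz@example.com", "employment_status": "Active"},
    {"full_name": "Ben Cole", "email": "ben.cole@example.com", "employment_status": "Terminated"},
    {"full_name": "Sam Lee", "email": "sam.lee@example.com", "employment_status": "Active"},
    {"full_name": "Sam Lee", "email": "s.lee2@example.com", "employment_status": "Active"},
]
ACCOUNTS = [
    {"full_name": "Ana Ruiz", "email": "ana.ruiz@example.com", "last_login": date(2024, 5, 20)},
    {"full_name": "Ben Cole", "email": "Ben.Cole@example.com", "last_login": date(2024, 5, 1)},
    {"full_name": "Sam Lee", "email": None, "last_login": date(2023, 11, 2)},
]
TODAY = date(2024, 6, 1)
if __name__ == "__main__":
    for acct in ACCOUNTS:
        print(acct["full_name"], "->", triage(acct, DIRECTORY, TODAY) or "nothing flagged")
```

An account with no email and a name shared by two directory entries is reported as unmatched rather than joined to either person, so the reviewer does not rely on a job title or employment status that may belong to someone else.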