Access Reviews
Access Reviews help you maintain compliance by periodically reviewing user permissions and access to ensure they align with the principle of least privilege.
Enterprise Feature
Access Reviews are available exclusively on the Enterprise plan.
Why Access Reviews?
Over time, users accumulate permissions that may no longer be needed. Access reviews ensure:
- Users only have access they need
- Permissions are revoked when no longer required
- Compliance requirements are met (SOX, ISO 27001, etc.)
- Security posture is maintained
Review Process
- Review Created: Admin schedules an access review with scope and due date
- Notifications Sent: Assigned reviewers are notified
- Review Period: Reviewers evaluate each user's permissions
- Actions Taken: Permissions confirmed or revoked
- Completion: Review is closed and documented for compliance
Features
| Feature | Description |
|---|---|
| Manual Reviews | Ad-hoc reviews triggered by admins |
| Scheduled Reviews | Recurring reviews (monthly, quarterly) |
| Automated Reminders | Notifications to reviewers as due date approaches |
| Custom Review Scopes | Review all users, specific teams, or specific roles |
| Compliance Reporting | Generate reports showing review completion and actions taken |
Creating Access Reviews
- Go to Security Center > Access Reviews
- Click Schedule Review
- Configure the review parameters:
- Name: Descriptive name (e.g., "Q4 Access Review")
- Scope: All users, specific teams, or specific roles
- Reviewer: Assign one or more reviewers
- Due Date: When the review must be completed
- Recurrence: One-time, monthly, or quarterly
- Save the review
Reviewers will be notified and can complete their review from the same Security Center page.
Next: Learn about Session Management.