Access Reviews
Access Reviews help you maintain compliance by periodically reviewing user permissions and access to ensure they align with the principle of least privilege.
Overview
Access reviews are scheduled evaluations of user permissions to ensure:
- Users only have access they need
- Permissions are revoked when no longer required
- Compliance requirements are met
- Security posture is maintained
Access via Security Center
Access Reviews are managed through the Security Center:
- Navigate to Security in the top bar
- Click on the Access Reviews tab
- View scheduled, active, and completed reviews
Creating Access Reviews
Via Dashboard
- Go to Security Center > Access Reviews
- Click Schedule Review
- Configure the review parameters:
- Review scope (all users, specific teams, specific roles)
- Reviewer assignment
- Due date
- Recurrence (one-time, monthly, quarterly)
Via API
const review = await client.accessReviews.create({
name: 'Q4 Access Review',
scope: {
type: 'team',
teamIds: ['team-engineering', 'team-security']
},
reviewers: ['user-admin-123'],
dueDate: '2024-12-31',
recurrence: 'quarterly'
});
Review Process
- Review Created: Admin schedules an access review
- Notifications Sent: Reviewers are notified
- Review Period: Reviewers evaluate each user's permissions
- Actions Taken: Permissions confirmed or revoked
- Completion: Review is closed and documented
Feature Availability
| Feature | Business | Enterprise |
|---|---|---|
| Manual Reviews | Yes | Yes |
| Scheduled Reviews | Yes | Yes |
| Automated Reminders | Yes | Yes |
| Custom Review Scopes | - | Yes |
| Compliance Reporting | - | Yes |
Next: Learn about Session Management.