Access Reviews
Access Reviews help you maintain compliance by periodically reviewing user permissions and access to ensure they align with the principle of least privilege.
Enterprise Feature
Access Reviews are available exclusively on the Enterprise plan.
Why Access Reviews?
Over time, users accumulate permissions that may no longer be needed. Access reviews ensure:
- Users only have access they need
- Permissions are revoked when no longer required
- Compliance requirements are met (SOX, ISO 27001, etc.)
- Security posture is maintained
Review Process
- Review Created: Admin schedules an access review with scope and due date
- Notifications Sent: Assigned reviewers are notified
- Review Period: Reviewers evaluate each user's permissions
- Actions Taken: Permissions confirmed or revoked
- Completion: Review is closed and documented for compliance
Features
| Feature | Description |
|---|---|
| Manual Reviews | Ad-hoc reviews triggered by admins |
| Scheduled Reviews | Recurring reviews (monthly, quarterly) |
| Automated Reminders | Notifications to reviewers as due date approaches |
| Custom Review Scopes | Review all users, specific teams, or specific roles |
| Compliance Reporting | Generate reports showing review completion and actions taken |
Next: Learn about Session Management.