Assigning and Completing Reviews
Assigning Reviewers
Overview
If you are an Auditor or owning team admin, you can Assign Reviewers.
User Review is the view to manage and assign reviewers for user access points. You can either assign reviewers to a single user row by clicking Assign Reviewers for that row, or bulk assign by selecting multiple rows and clicking Assign reviewers in the top right.
Group Review is the view to manage and assign reviewers for group access points. You can either assign reviewers to a single user row by clicking Assign Reviewers for that row, or bulk assign by selecting multiple rows and clicking Assign reviewers in the top right.
Once you have assigned a reviewer, Opal will show one of several reviewer statuses.
Here are the status types you may see and what they mean:
-
Not Started: No reviewer(s) have taken action
-
Completed: All reviewer(s) have completed the review
-
Partially Completed: If there is only one reviewer, then the reviewer has started but has not completed the review. If there are multiple reviewers, then not all reviewers have completed the review.
-
Needs Attention:
- If you see this status type, that means there is an error that needs to be addressed. Click on the Needs Attention status to see which errors you are dealing with. In this case, we can see the warning listed is Self reviews are not allowed.
Here are the errors you may encounter and how to resolve them:
- Self reviews are not allowed: The reviewer is reviewing their own access, which has been marked as not allowed in the access review's settings, so an admin must add another reviewer for approval.
⚠️ Why Can't I Assign Reviewers?
If you don't see an option to assign reviewers, it means that you're not an Opal Auditor or an owning team admin.
Completing Reviews
Overview
Once an admin assigns a reviewer, they will review a snapshot for the resource and/or group. This means if an admin changes a resource or group after a review begins, the review won't capture this change.
My Reviews is the view for reviews that are assigned to the logged in user. Once they click into an item to review, they will see an overview of users and groups whose access to a resource needs to be reviewed.
For each row, reviewers have three options:
1. Approve the user or resource by clicking on the Accept checkmark button
2. Reject the user or resource by clicking on the Revoke x button
3. Update the user's access level by selecting one of the options in the dropdown with two arrows
To explain any of your decisions, it is possible to Add note:
You can also perform bulk actions on multiple rows at once by selecting rows and choosing an option from the top bulk action bar.
Once you have finished selecting review actions, finalize and submit the review actions by clicking Submit access review in the top right. Submitting these changes will write the changes to each end system.
Access Changes
To view and manage proposed changes, go to the Access Changes view.
For connected applications, Opal automatically revokes access on the end system based on the reviewer's decision, so after submitting a revoke decision, you do not need to perform any more actions.
For custom connections, Opal cannot connect to the end system and won't revoke access automatically. In this case, customers use Opal as a system of record and trigger project management workflows with ticketing systems.
In order for a custom connection's revocation to be complete in an access review, you must either mark the user as revoked manually in this Access Changes view or link a ticket that, when closed, will mark the user as revoked.
Updated 6 months ago