Taskboards - Reviews

The Reviews page (System Configuration > Taskboards > Reviews) allows you to define Permission Assist settings that affect the Review Items taskboard. You can also define corrective control policies for access requests. Settings in this area affect all access requests in all reviews and personnel events.

Option

Description

Reassign Identity

Allows you to determine who is able to reassign identities within the review using the Reassign Identity option. By default, this field is set to "Everyone" meaning all Permission Assist users are able to reassign identities if needed.

To restrict access to this option:

  • Select Reassign Identity and then select a different option (Nobody, Security, or Trusted) from the list.

Reassign

Review Supervisor

Allows you to determine who is able to reassign supervisors within the review using the Reassign Supervisor option. By default, this field is set to "Everyone" meaning all Permission Assist users are able to reassign supervisors if needed.

To restrict access to this option:

  • Select Reassign Review Supervisor and then select a different option (Nobody, Security, or Trusted) from the list.

Add Reviewer

Allows you to determine who is able to invite someone into the review to comment on or take action on review items as a specific role. For example, if a supervisor normally reviews their direct reports, but they would like to invite their department manager or application owner to comment on or review a specific item, they can add a reviewer to the review item so that person can take action as needed.

By default, this field is set to "Everyone" meaning all Permission Assist users are able to add reviewers to review items.

To restrict access to this option:

  • Select Add Reviewer and then select a different option (Nobody, Security, or Trusted) from the list.

View Risk Ratings

Allows you to determine who is able to see the risk ratings assigned to each privilege.

By default, this field is set to "Nobody" meaning risk ratings will not be displayed to anyone.

To change this setting:

  • Select View Risk Ratings and then select a different option (Everyone, Security, or Trusted) from the list.. When permitted, risk ratings are shown on the far-left column and indicated by their associated color (see example below).

  • Red - Critical

  • orange - High

  • Green - Moderate

  • Blue - Low

View Pre-Approved Review Items

Allows you to determine whether reviewers are able to see pre-approved items within the Review Items Taskboard.

By default, this field is set to "Everyone" meaning everyone will be able to see pre-approved items.

To change who can see pre-approved items:

  • Select View Pre-Approved Review Items and then select a different option (Security, Trusted, or Nobody) from the list.

Can Approve Own Review Items

Allows you to determine whether reviewers are able to take action on (approve or flag) their own permissions. 

By default, this field is set to "Everyone" meaning everyone will be able to review and approve or flag their own permissions. To change who can review their own permissions:

  • Select Can Approve Own Review Items and then select a different option (Security, Trusted, or Nobody) from the list.

Reviewers that are restricted from reviewing their own permissions will see the approval restriction message displayed in the Review Buttons area of the Review Items Taskboard (see picture below).

 

Always show a warning message even if the user can act

This option works in conjunction with the Can Approve Own Review Items option. When this option is selected, reviewers that are allowed to take action on their own permissions will see the following warning message displayed in the Review Buttons area of the Review Items Taskboard (see picture below).

Selecting the I understand and wish to continue link at the bottom of this message allows the reviewer to continue reviewing their own permissions and take action as needed.

 

Starting Remediation

These settings determine workflows for the remediation process.

Forced

Select this option if you want review items to be immediately sent to remediation if they are flagged. When this option is selected, no manual action is needed to send the item to remediation.

Optional

Select this option if you want reviewers to be able to flag review items without immediately sending the item to remediation. When this option is selected, the reviewer will need to manually start the remediation process.

None

Hides all remediation options. Select this option if you want to handle remediation outside of Permission Assist. Review items can still be flagged and comments may be used to indicate items are sent to remediation.

Limit the remediation workflow to only show assigned permissions or ones allowed by matching entitlement roles

When reviewers request that a user's permissions be changed, they're given the ability to request both the removal of existing privileges as well as the addition of new privileges. If you'd like to prevent reviewers from requesting additional privileges during the review process, select this option.

When this option is selected, reviewers will still have ability to request the removal of existing privileges, but they will not be able to request new permissions unless they are allowed based to the user's Entitlement Role.