Reviewer's Guide

Welcome to Permission Assist! We're excited to be working with you to complete your review process. If you are brand new to the review process within Permission Assist, the Reviewers Training video will help you get started. You may also want to visit the "Complete Review Items" topic for step-by-step instructions.

We hope you enjoy your review within Permission Assist!

Who are reviewers?

Within Permission Assist, a reviewer is someone who has been assigned the task of completing review items, which means they look at user permissions and determine whether those permissions are correct or not. When a Security Team member creates a review, they have the option of including different types of reviewers. Depending on how the review was set up, reviewers could include:

  • An Application Manager is the "owner" of an application or someone who is responsible for the administration functions and maintenance of that application. Within Permission Assist, Application Managers may be assigned to applications within the Responsibilities tab (Manage > Applications > select the application > Responsibilities tab).

    If the review is set up to require Application Managers, they are able to complete review items for users within their assigned application (this is their primary responsibility as a reviewer). In addition to reviewing items, they can also complete the following tasks within Permission Assist:

  • A supervisor is someone who is responsible for reviewing permissions for their direct reports or others the Security Team has assigned to them. A person could also be given Supervisor access to Permission Assist if:

    • they've been assigned Supervisor responsibilities for at least one group within a particular application.

    • they've been assigned responsibilities on behalf of another supervisor.

    If the review is set up to require Supervisors, Supervisors are able to complete review items for their direct reports or other users who have been assigned to them (this is their primary responsibility as a reviewer). In addition to reviewing items, they can also see access requests (on the Change Management Taskboard) that they've created by flagging items within a review.

  • An Area Reviewer within Permission Assist is someone who has been assigned to review a specifically defined set of permission data within an application. For example, if your organization decides they want a specific person to review permissions related to sensitive accounts and sensitive account information, the Security Team may set up a Reviewable Area that includes only the permissions related to that set of functions within an application. The Area Reviewer assigned to that area is responsible for reviewing those permissions to ensure proper access is given (or not) to each user within the application. Area Reviewers are assigned to an area within the Reviewable Areas tab.

    If the review is set up to require Area Reviewers, they are able to complete review items for their reviewable areas (this is their primary responsibility as a reviewer). In addition to reviewing items, they can also see access requests (on the Change Management Taskboard) that they've created by flagging items within a review.

  • Anyone who has been assigned to an organizational unit is a Defined Manager. If the review is set up to require a defined manager, the manager is able to complete review items for users within their organizational unit (defined within your directory source such as Active Directory).

  • Anyone who has been assigned to the Security Team group within the System Configuration area is a Security Team member. If the review is set up to require the Security Team, Security Team members are able to complete review items for all users. Typically, the Security Team is also responsible for adding applications, importing data, and preparing/overseeing permission reviews. For more information about Security Team members and what they can do, refer to the Security Team's Guide.