As a reviewer you might be assigned to review items in multiple active review runs. Depending on how the review is defined, Identity Governance might send you email notifications to remind you of incomplete tasks and approaching deadlines. This section provides the steps required for you to complete Reviewer tasks associated with a review run.
For more information about the Reviewer’s authorization and the review process, see Section 26.0, Understanding Review Run.
In Identity Governance, select Reviews.
(Optional) Click the gear icon to view additional column options and customize column display. For example, you can drag Started by to the list of selected columns to view name of the person who started the review on demand, on schedule, or by micro certification process.
Select the review run on which you want to act.
(Optional) Adjust display options to help you manage your review items:
(Optional) Select Include submitted items to see all review items on the list.
Click Show all to see a list of grouping options. The grouping options are especially helpful when you have a long list of review items.
(Optional) Select a grouping option to sort review items by groups and to easily take action on all or selected review items within a group.
(Optional) Enter a search string such as user name, specific review item, or decision to filter review items, and to easily take action on all or selected review items within the filtered list.
Click the gear icon to change the display options by adding, removing, or rearranging columns.
NOTE:For Technical Role and Business Role Definition reviews you can click the Review technical role definition and Review business role definition option to review the role definitions and save the proposed changes, sort the columns, undo or discard the changes.
For each review item, click the review item link to view additional details that could help you make your decision, then select an action. You can also select multiple review items across pages and use Actions to select an action.
NOTE:The review type and definition determines which of the following actions are allowed for a review instance.
(Conditional) Keep to specify that you believe that the user should have the permission, account, or role.
(Conditional) Assign, if there are unmapped accounts, to map the account.
(Conditional) Modify, if the review definition allows this option, to change attribute value or to provide modification instructions such as account needs an account custodian.
(Conditional) Keep assignment to specify that the user should have the previously assigned supervisor when reviewing direct reports.
(Conditional) Change supervisor to specify that the user should have a different supervisor when reviewing direct reports.
(Conditional) Remove assignment to remove the supervisor when reviewing direct reports
(Conditional) Remove to specify that the user should not have the permission, account, or role. In case of time-based assignments for access, account, technical, or business role reviews, remove the assignments before the scheduled date.
NOTE:If you remove the Global or Customer authorization from a user who is the last Global or Customer administrator, only the Bootstrap will have the ability to reassign this authorization.
(Conditional) Review user profile to review user attribute values and either modify values and Save changes or confirm No profile changes.
NOTE:You cannot modify attribute values in bulk.
(Conditional) Review business role definition to review memberships, authorizations, or attribute values and Save changes or confirm No changes.
View Activity to decide what actions to take or what actions have been taken.
Change Reviewer to pass the decision to another reviewer.
NOTE:
If the review definition states that the change reviewer action requires a comment, then you must enter a comment to complete the action.
If you select User B, who has a delegate User C who has a delegate User B, as the new reviewer, Identity Governance will issue a warning and disable the Change Reviewer option to prevent cyclical delegation.
Download all review items as CSV to download all or a selective set of review items as a CSV file for manual review. You can selectively download review items by selecting a grouping option or searching for values for columns included in the Review Settings > Review Display Customization menu. For example, if you want to review only items for one application, you can select Group by application. If you want to include items whose decision you had previously submitted, you can select the filter icon and include submitted items. Additionally, for account and user access review if you include permission assignment attributes, such as assignment value, risk, and generic attributes you can download them as CSV, if those columns are configured in Review Settings > Review Display Customization menu.
NOTE:
The download list items count will not match the actual number of review items in an Account Review that includes permissions. The count reflects the number of accounts that match the search criteria, however, all the permissions under each account will also be included in the download resulting in more items than the number displayed on the review page.
The Current Assignment Details link displays the assignment value if collected. To view the assignment value from IDM application sources you have to make sure the global property com.netiq.iac.show.idm.assignval is set. Contact your SaaS Operations Administrator to set the property.
Review the changes to ensure accuracy.
Select Submit to confirm your actions on the review items.
This action locks your decisions and moves the items out of your queue. Identity Governance then moves the items to the next reviewer’s queue if this is a multistage review and you are not the last reviewer. If you are the last reviewer, Identity Governance notifies the Review Owner that the review is ready for certification.
If one of your review items is in the Multiple Reviewers queues, your decision gets locked in when you Submit the decision. If you have not yet submitted a decision and another reviewer makes a decision and submits before you, it is the other reviewer's decision that gets locked. You can select Include submitted items if not previously selected and see the decision in the View Activity option.