When the owner initiates a review run in live mode, or when a review run starts by the schedule, or when a micro certification review is automatically started, the following activities occur:
Identity Governance generates tasks for the assigned Reviewers and notifies them as specified in the review definition.
Reviewers review their assigned set of review items and decide whether the items should be kept, modified, or removed. If a review item is assigned to multiple reviewers, the first reviewer who acts on that item becomes the decision maker, and the item continues to the next phase of the review. For more information, see Section 27.1, Performing a Review.
(Conditional) If the review definition specifies that a permission requires multiple stages of approval, Identity Governance forwards the affected review items to the next assigned reviewer.
For example, the application owner, permission owner, or Review Owner might be required to review the permissions and confirm decisions before action is taken to remove any permissions. Reviewers must complete the review in the assigned order.
(Conditional) If a Reviewer does not complete tasks in the specified time frame and the review definition specifies an escalation process, Identity Governance forwards the tasks to the assigned Escalation Reviewer. The Review Owner is the default Escalation Reviewer when an administrator does not specify the Escalation Reviewer in the review definition.
If there are multiple reviewers, Identity Governance forwards the task to the next reviewer before it finally moves the tasks to the Escalation Reviewer or Review Owner queue.
The Review Owner approves the changes.
NOTE:If specified in the review definition, Review Owners can override reviewer decisions at any point during a review run. When a Review Owner overrides a decision, the review item is locked and can no longer be modified by the reviewer.
Identity Governance initiates the fulfillment process to enable the requested changes.
(Conditional) In a manual fulfillment process, Identity Governance generates tasks that the assigned Fulfillers must complete and notifies them by email.
(Optional) An Auditor might be required to certify the results of the review run.