# Access Reviews

### 👥 Who It Applies To

| Role           | Capabilities                                                                          |
| -------------- | ------------------------------------------------------------------------------------- |
| **Admins**     | Create, configure, and monitor review campaigns; assign reviewers; export audit logs. |
| **App Owners** | Complete reviews for apps they own, approve or revoke user access.                    |
| **Managers**   | Review access for their team members when assigned.                                   |

***

### 📖 Key Concepts

* **Access Reviews**: Periodic checks to confirm whether each user's access should be retained, changed or removed.
* **Campaigns**: Structured review exercises scoped by app or by reviewer type.
* **Reviewers**: Assigned automatically based on role (Manager, App Owner, Review Owner).
* **Auditability**: All actions during reviews are logged and exportable.

💡 *Why this matters*: Access Reviews enforce least-privilege access, reduce dormant accounts and are mandatory for compliance frameworks such as SOC 2 and ISO 27001.

***

### 🛠 Access Review Workflows

#### Create a Review Campaign

* **Navigation**: Reviews → *Review Campaigns*.
* **Steps**:
  1. Click *Create New Campaign*.
  2. Scope the review: review all apps or select specific ones.
  3. Assign reviewers: route to **Manager**, **App Owner**, or **Review Owner** only.
  4. Set schedule: define due date.
  5. Launch and monitor campaign progress in the dashboard.
  6. Export results as CSV when complete.
* **Why this matters**: Gives Admins a scalable, auditable process to replace manual spreadsheets.

***

#### Complete Reviews

* **Navigation**: Reviews → *My Reviews* or via Slack notification.
* **Review context includes**:
  * User name + team
  * Group memberships
  * App name
  * Last activity (if available)
  * Access since
  * Existing permission
  * New permission (selectable)
* **Actions**:
  * Approve existing → no change.
  * Change → select new permission.
  * Remove → click “X” to revoke.
* **Notes**: Rows may be blocked if the user is the app owner or has an active change request.
* **Why this matters**: Provides reviewers with clear, contextual data to make quick and accurate access decisions.

***

#### Notifications & Reminders

* **Notifications**: Reviewers receive email and Slack alerts at campaign start. Access review notifications belong to the **Action Required** category. You can manage delivery channels in [Notification Preferences](https://docs.getcakewalk.io/how-to-guides/notification-preferences).
* **Reminders**: Automatic reminders before due date and when overdue.
* **Why this matters**: Keeps campaigns on track without manual chasing.

***

#### Audit & Reporting

* **Logs**: Every decision is recorded in the campaign dashboard.
* **Exports**: Admins can export results at any time for auditors.
* **History**: Past reviews remain visible in the dashboard.
* **Why this matters**: Provides a clear audit trail, including who approved or revoked access, when, and in what context.

***

### 📋 Access Review Actions at a Glance

| Action                        | Who performs it                    | What happens                                                                  | Why it matters                                                   |
| ----------------------------- | ---------------------------------- | ----------------------------------------------------------------------------- | ---------------------------------------------------------------- |
| **Create Campaign**           | Admins                             | Scope, assign reviewers, set schedule, launch and monitor campaigns.          | Replaces manual spreadsheets with scalable, auditable workflows. |
| **Complete Review**           | Managers, App Owners, Review Owners | Approve, change or remove user access in the modal or in Slack.              | Enforces least-privilege with contextual decisions.              |
| **Notifications & Reminders** | System                             | Sends email/Slack alerts at campaign start, reminders before/after due dates. | Keeps campaigns timely and reduces manual follow-up.             |
| **Audit & Reporting**         | Admins                             | Logs all decisions, enables CSV export, stores historical campaigns.          | Provides evidence for SOC 2, ISO 27001, and internal audits.     |
