# Access Reviews

### 👥 **Who It Applies To**

| Role           | Capabilities                                                                          |
| -------------- | ------------------------------------------------------------------------------------- |
| **Admins**     | Create, configure, and monitor review campaigns; assign reviewers; export audit logs. |
| **App Owners** | Complete reviews for apps they own, approve or revoke user access.                    |
| **Managers**   | Review access for their team members when assigned.                                   |

***

### 📖 Key Concepts

* **Access Reviews**: Periodic checks to confirm whether users should retain, change or remove their access.
* **Campaigns**: Structured review exercises scoped by app or by reviewer type.
* **Reviewers**: Assigned automatically based on role (Manager, App Owner, Review Owner).
* **Auditability**: All actions during reviews are logged and exportable.

💡 *Why this matters*: Access Reviews enforce least-privilege access, reduce dormant accounts and are mandatory for compliance frameworks such as SOC 2 and ISO 27001.

***

### 🛠 Access Review Workflows

#### Create a Review Campaign

* **Navigation**: Reviews → *Review Campaigns*.
* **Steps**:
  1. Click *Create New Campaign*.
  2. Scope the review: review all apps or select specific ones.
  3. Assign reviewers: route to **Manager**, **App Owner**, or **Review Owner** only.
  4. Set schedule: define due date.
  5. Launch and monitor campaign progress in the dashboard.
  6. Export results as CSV when complete.
* **Why this matters**: Gives Admins a scalable, auditable process to replace manual spreadsheets.

***

#### Complete Reviews

* **Navigation**: Reviews → *My Reviews* or via Slack notification.
* **Review context includes**:
  * User name + team
  * Group memberships
  * App name
  * Last activity (if available)
  * Access since
  * Existing permission
  * New permission (selectable)
* **Actions**:
  * Approve existing → no change.
  * Change → select new permission.
  * Remove → click “X” to revoke.
* **Notes**: Rows may be blocked if the user is the app owner or has an active change request.
* **Why this matters**: Provides reviewers with clear, contextual data to make quick and accurate access decisions.

***

#### Notifications & Reminders

* **Notifications**: Reviewers receive email and Slack alerts at campaign start. Access review notifications belong to the **Action Required** category. You can manage delivery channels in [Notification Preferences](/how-to-guides/notification-preferences.md).
* **Reminders**: Automatic reminders before due date and when overdue.
* **Why this matters**: Keeps campaigns on track without manual chasing.

***

#### Audit & Reporting

* **Logs**: Every decision is recorded in the campaign dashboard.
* **Exports**: Admins can export results at any time for auditors.
* **History**: Past reviews remain visible in the dashboard.
* **Why this matters**: Provides a clear audit trail, including who approved or revoked access, when, and under what context.
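
An added example, not part of the product documentation: a script that checks an exported campaign CSV before it goes to auditors, flagging rows with no decision and access that was approved despite stale or missing last-activity data. The column names, decision values, and 90-day dormancy threshold are assumptions modelled on the review context fields listed above, and the sample export is constructed.

```python
import csv
import io
from datetime import date, datetime

# Constructed sample export. Column names and decision values are
# assumptions; the real CSV layout may differ.
SAMPLE_EXPORT = """\
user,team,app,last_activity,access_since,existing_permission,new_permission,decision,reviewer,decided_at
alice,Platform,GitHub,2025-05-28,2023-01-10,Admin,Admin,approved,carol,2025-06-02
bob,Sales,GitHub,2024-11-03,2022-07-01,Member,Member,approved,carol,2025-06-02
dave,Sales,Salesforce,,2021-03-15,Admin,Admin,approved,erin,2025-06-03
frank,Finance,NetSuite,2025-01-20,2020-09-09,Admin,Viewer,changed,erin,2025-06-03
grace,Finance,NetSuite,2024-02-11,2020-09-09,Member,,removed,erin,2025-06-03
heidi,Platform,AWS,2025-05-30,2024-04-01,Admin,,,,
"""


def audit_export(csv_text, as_of, dormant_days=90):
    """Return (user, app) pairs an auditor should question, grouped by reason."""
    findings = {"undecided": [], "dormant_approved": [], "no_activity_data": []}
    for row in csv.DictReader(io.StringIO(csv_text)):
        key = (row["user"], row["app"])
        decision = row["decision"].strip().lower()
        if not decision:
            # Campaign closed or exported with this row still open.
            findings["undecided"].append(key)
            continue
        if decision != "approved":
            continue  # changed or removed access needs no dormancy check
        if not row["last_activity"]:
            # Last activity is only present "if available", so an approval
            # here was made without usage evidence.
            findings["no_activity_data"].append(key)
            continue
        last = datetime.strptime(row["last_activity"], "%Y-%m-%d").date()
        if (as_of - last).days > dormant_days:
            findings["dormant_approved"].append(key)
    return findings


if __name__ == "__main__":
    for reason, rows in audit_export(SAMPLE_EXPORT, date(2025, 6, 10)).items():
        print(f"{reason}: {rows}")
```
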

***

### 📋 Access Review Actions at a Glance

| Action                        | Who performs it                    | What happens                                                                  | Why it matters                                                   |
| ----------------------------- | ---------------------------------- | ----------------------------------------------------------------------------- | ---------------------------------------------------------------- |
| **Create Campaign**           | Admins                             | Scope, assign reviewers, set schedule, launch and monitor campaigns.          | Replaces manual spreadsheets with scalable, auditable workflows. |
| **Complete Review**           | Managers, App Owners, Review Owner | Approve, change or remove user access in modal or Slack.                      | Enforces least-privilege with contextual decisions.              |
| **Notifications & Reminders** | System                             | Sends email/Slack alerts at campaign start, reminders before/after due dates. | Keeps campaigns timely and reduces manual follow-up.             |
| **Audit & Reporting**         | Admins                             | Logs all decisions, enables CSV export, stores historical campaigns.          | Provides evidence for SOC 2, ISO 27001, and internal audits.     |

