Go to WebsiteLoginGet a Demo

Access Reviews

Use Cakewalk's Access Reviews to streamline access checks for apps. Replace spreadsheets with structured campaigns, dashboards, and audit trails.

👥 Who It Applies To

Role
Capabilities

Admins

Create, configure, and monitor review campaigns; assign reviewers; export audit logs.

App Owners

Complete reviews for apps they own, approve or revoke user access.

Managers

Review access for their team members when assigned.

📖 Key Concepts

  • Access Reviews: Periodic checks to confirm whether users should retain, change or remove their access.

  • Campaigns: Structured review exercises scoped across apps or type of reviewers.

  • Reviewers: Assigned automatically based on role (Manager, App Owner, Review Owner).

  • Auditability: All actions during reviews are logged and exportable.

💡Why this matters: Access Reviews enforce least-privilege access, reduce dormant accounts and are mandatory for compliance frameworks such as SOC 2 and ISO 27001.

🛠 Access Review Workflows

Create a Review Campaign

  • Navigation: Reviews → Review Campaigns.

  • Steps:

    1. Click Create New Campaign.

    2. Scope the review: review all apps or select specific ones.

    3. Assign reviewers: route to Manager, App Owner, or Review Owner only.

    4. Set schedule: define due date.

    5. Launch and monitor campaign progress in the dashboard.

    6. Export results as CSV when complete.

  • Why this matters: Gives Admins a scalable, auditable process to replace manual spreadsheets.

Complete Reviews

  • Navigation: Reviews → My Reviews or via Slack notification.

  • Review context includes:

    • User name + team

    • Group memberships

    • App name

    • Last activity (if available)

    • Access since

    • Existing permission

    • New permission (selectable)

  • Actions:

    • Approve existing → no change.

    • Change → select new permission.

    • Remove → click “X” to revoke.

  • Notes: Rows may be blocked if the user is the app owner or has an active change request.

  • Why this matters: Provides reviewers with clear, contextual data to make quick and accurate access decisions.

Notifications & Reminders

  • Notifications: Reviewers receive email and Slack alerts at campaign start.

  • Reminders: Automatic reminders before due date and when overdue.

  • Why this matters: Keeps campaigns on track without manual chasing.

Audit & Reporting

  • Logs: Every decision is recorded in the campaign dashboard.

  • Exports: Admins can export results at any time for auditors.

  • History: Past reviews remain visible in the dashboard.

  • Why this matters: Provides a clear audit trail incl. who approved/revoked access, when and under what context.

📋 Access Review Actions at a Glance

Action
Who performs it
What happens
Why it matters

Create Campaign

Admins

Scope, assign reviewers, set schedule, launch and monitor campaigns.

Replaces manual spreadsheets with scalable, auditable workflows.

Complete Review

Managers, App Owners, Review Owner

Approve, change or remove user access in modal or Slack.

Enforces least-privilege with contextual decisions.

Notifications & Reminders

System

Sends email/Slack alerts at campaign start, reminders before/after due dates.

Keeps campaigns timely and reduces manual follow-up.

Audit & Reporting

Admins

Logs all decisions, enables CSV export, stores historical campaigns.

Provides evidence for SOC 2, ISO 27001, and internal audits.

PreviousTasksNextHRIS & IdP

Last updated

Was this helpful?