Workflow overview
Reference · live · workflow:access-review
Access Review overview
Quarterly scheduled workflow ensuring that user and service account permissions across all systems remain appropriate and consistent with the principle of least privilege. IT operations and security engineers generate access reports for critical systems, cloud environments, and sensitive data stores. Each team manager reviews the permissions of their reports, certifying or revoking access as appropriate. Orphaned accounts from departures or role changes are deprovisioned. Exceptions require documented justification and compensating controls. Audit evidence is retained for compliance reporting. The workflow reduces insider threat risk and satisfies regulatory access-control requirements.
Attributes
displayName
Access Review
workflowKind
security
triggerType
scheduled
typicalCadence
quarterly
complexity
moderate
Outgoing edges
applies_to_domain (2)
- domain:cybersecurity · Domain · Cybersecurity
- domain:infrastructure · Domain · Infrastructure
involves_role (5)
- role:security-engineer · Role · Security Engineer
- role:it-ops-engineer · Role · IT Operations Engineer
- role:compliance-officer · Role · Compliance Officer
- role:engineering-manager · Role · Engineering Manager
- role:privacy-engineer · Role · Privacy Engineer
triggers_responsibility (3)
- responsibility:access-control · Responsibility
- responsibility:compliance-monitoring · Responsibility · Compliance Monitoring
- responsibility:risk-assessment · Responsibility · Risk Assessment
Incoming edges
follows_workflow (2)
- stack-profile:auth-identity-platform · StackProfile · Auth & Identity Platform Stack (Node.js, Keycloak, PostgreSQL, Redis, OAuth2, Docker)
- stack-profile:identity-governance · StackProfile · Identity Governance (Keycloak, PostgreSQL, React, Go, Docker)
lib_implements_workflow (2)
- lib-process:security-compliance--iam-access-control · LibraryProcess · iam-access-control
- lib-skill:security-compliance--gdpr-compliance-automator · LibrarySkill · gdpr-compliance-automator
supports_work (2)
- tool:nylas · Tool · Nylas
- tool:jumpcloud · Tool · JumpCloud