Access Reviews in User Portal

Access Reviews in User Portal



Access Reviews (AR) are periodic checks to ensure that only authorized users can access Workspaces within myDRE. They allow Accountable and Privileged members to review and confirm user permissions. Access Reviews unburden the Workspace Accountable and the organisations in their requirement to stay compliant with rules and regulations around Access management. 

Info​Access reviews are implemented to ensure compliance with ISO27001 standards. These reviews help safeguard sensitive information by limiting access to authorized individuals only, in line with the principles of least privilege and role-based access control. For more detailed guidance, refer to anDREa ISMS documentation on the risks identified and the controls

The AR is triggered automatically based on a pre-set schedule, which can be one-time, weekly, monthly, quarterly, bi-annual, or annual. However, local Research Support (RS) members can also start an AR on an ad-hoc basis. Once an AR is activated, Accountable and Privileged members will receive email notifications with links to the relevant workspace(s). Inside the workspace's Members Tab, they can review member access by selecting options like Approve, Restrict, or Delete, and can confirm or approve access for all users at once to finalize the review.

How it works

The system triggers the initiation of access reviews on January 15th and July 15th. After the Access Review is initiated, the Accountable and Privileged members of the workspace will receive an email notification to review the member list. If members are not reviewed within the time frame provided (Enforcement) in the email, their access will be restricted to only the Members tab and the Details page in the workspace.

Alert
If the Workspace Accountable does not complete the access review before the specified due date (Enforcement), the system will automatically place all members who have not been reviewed into a Restricted state. To avoid this automatic enforcement, ensure that all access reviews are finalized promptly within the given timeline.
Warning
If you have been Restricted, please contact the  Accountable or the Privileged members that can be found in the Members or Details page of the workspace.

Let’s see how this works in practice:

  1. Access the workspace you are a member of and go to the Members tab > Access Reviews. The image below shows "No active access review found for workspace ". This is normal if the AR has not been initiated.

  1. When an AR is initiated, the notification email will include the workspace name. Open the workspace mentioned in the email, and under the Members tab, you will see the following:
    1. Members under review will have a question mark displayed next to their name during the review process. They are also listed on the Access Reviews tab until their role is confirmed.
    2. No question mark for the Accountable, meaning that the Accountable is not under review.

Info
If a user is added to the workspace after the Access Review has been initiated, they will not be included in the Access Review.

Access Review performed by Workspace Accountable or the Privileged member

  1. In the Access Review, only the Accountable or the Privileged members can manage access for others. They can approve, restrict, or remove access, and there is an option to approve access for all members at once to complete the review. 

  1. To restrict a member, read and confirm the restriction in the pop-up window.

  1. Restricted members have limited access. They can only view the Workspace and information about other members. 



Warning
If you have been Restricted, please contact the  Accountable or the Privileged members that can be found in the Members or Details page of the workspace.

    • Related Articles

    • Using the Azure Portal

      DRE is suitable for any type of user. However, perhaps you already have lots of IT experience and you know your way around Azure. That's when it might be interesting to know that you can also access your workspace resources through the Azure Portal. ...

    • Activity Feed User Portal

      Understanding the Activity Feed in myDRE User Portal First version: 2024-05-21 The Activity Feed is a powerful tool that provides real-time insights into various actions and changes within the Workspace. Mindful Usage to Manage Costs It is important ...

    • External access in your workspace

      Introduction By default myDRE workspaces do not have connection to the internet. This ensures that data within the workspace is secure and auditable - we know what comes in, and what goes out. However, sometimes you do need a connection to a web ...

    • launch new end-user portal

      Dear myDRE users, We have some exciting news to share with you! We have launched a brand new and improved user interface that will make your myDRE experience even better. The new platform is more streamlined and user-friendly, and we can't wait for ...

    • Access Review Initiation on January 15th

      Dear all, Last month, we successfully launched Access Reviews (AR) in production, a feature designed to ensure compliance with ISO27001 standards. On January 15th, AR will be initiated. These are periodic checks to ensure only authorized users can ...