Access Review Categories and Types
  • 18 Nov 2024
  • 4 Minutes to read
  • Dark
    Light
  • PDF

Access Review Categories and Types

  • Dark
    Light
  • PDF

Article summary

In this article we are covering the main Access Review Categories, and their related Types.

Access Review Categories

There are four main categories of Access Reviews within Clarity:

  • User Access Review - An Access Review Category in Clarity that is concerned with an Identity and its access in your Downstream Applications.

  • Role Access Review - This Category of Review lets you perform an Access Review on various roles in Clarity, and helps you decide if your Role Based Access Control configuration in Clarity is still valid.

  • Entitlement Access Review - This Review Category provides you with an overview of the Entitlements in your applications, and any Entitlements they may also grant.

  • Active Identity Access Review - A Category concerned only with a Users Active Status, and not their Entitlements.


Access Review Types

User Access Reviews

  • Custom Inclusion - An inclusive selection of one or more attributes or properties.

  • Full User Access - A review with All Identities and All of their Entitlements.

  • Entitlements - A review of Entitlements that have been designated as High Risk.

  • High Risk Roles - A review of Roles that have been designated as High Risk.

  • Material Apps - A review that lets you select one or more Apps, that includes the relevant Identities and their Entitlements.

  • Orphaned User Accounts - A review listing accounts that are inactive in a Source of Truth, but still active in a downstream application.

  • Selected Entitlements - An inclusive selection of one or more Entitlements.

  • Selected Identities - An inclusive selection of one or more identities.

  • Selected Supervisors - An inclusive selection of one or more Supervisors.

  • Tagged Items - An inclusive selection of one or more tags assigned to Identities or Integrations.

  • Unreconciled User Accounts - A review of Service Users that have not been matched to an Identity. These can also be found in the Alerts section.

Role Access Reviews

  • All Roles - Includes all Roles currently configured in your Clarity tenant.

  • High Risk Labeled Roles - Includes Roles you have labeled as High Risk.

  • Selected Role Owners - An inclusive selection of one or more Role Owners.

  • Specific Roles - An inclusive selection of one or more Roles.

  • Tagged Roles - An inclusive selection of one or more tags assigned to Roles.

Entitlement Access Reviews

  • Custom Inclusion - An inclusive selection of one or more attributes or properties.

  • Separation of Duties Conflicts - A review of Entitlements included in a Separation of Duties.

  • Tagged Entitlements - An inclusive selection of one or more tags assigned to Entitlements.

Active Identity Access Reviews

  • Custom Inclusion - An inclusive selection of one or more attributes or properties.


Custom Inclusion Criteria Type

The Custom Inclusion Criteria Type provides a lot of flexibility in creating an access review. User Access, Entitlements, and Active Identity Access Reviews offer this Type.

User Access Review

  • Applications - A selection of one or more Applications.

  • Entitlements, Entitlement Types, Entitlement Permissions - A selection of one or more Entitlements, Types and/or Permissions.

  • Identities, Identity Types, Identity Attributes - A selection of one or more Identities, Types and/or Identity Attributes.

  • Supervisors - A selection of one or more Supervisors.

  • Roles - A selection of one or more Roles.

  • Granted On (Date Range) - A date range specified allowing you to review access at a certain point in time.

Entitlement Review

  • Applications - A selection of one or more Applications.

  • Entitlements - A selection of one or more Entitlements.

  • Parent Entitlement Types - A selection of one or more Entitlement Types a Parent Entitlement has.

  • Roles - A selection of one or more Roles.

Active Identity Review

  • Applications - A selection of one or more Applications.

  • Identities, Identity Types, Identity Attributes -

  • Supervisors - A selection of one or more Supervisors.

  • Roles - A selection of one or more Roles.


If you have any problems, contact your customer success team. You can also get in touch with our general support via email, open a support ticket. Our general support team is available Monday - Friday from 8:00 AM - 6:30 PM CST.


Was this article helpful?

Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.