Status: Pending implementation
Security and business owners need recurring campaigns to confirm that users still need the access they have. UMS must let administrators review active roles, profiles, and templates, capture reviewer decisions, and remove access that is no longer justified.
| Actor | Responsibility |
|---|---|
| Access Governance Administrator | Creates and manages review campaigns. |
| Resource Owner / Manager | Reviews assigned access for users in scope. |
| Reviewer | Confirms, reduces, or removes access during the campaign. |
| User | Is affected by the review outcome and may receive a notification. |
| Auditor | Reviews the campaign history and the final decisions. |
If a reviewer does not complete the campaign on time, the system escalates or closes the review according to the configured policy.
If the policy forbids self-review, the user cannot approve their own access and another reviewer must complete the item.
If the access item is already removed or inactive, the system skips it and keeps the campaign outcome consistent.
| Rule | Description |
|---|---|
| BR-01 | Sensitive access must be periodically recertified. |
| BR-02 | Reviewers can only act on items that are within their assigned scope. |
| BR-03 | A review decision must be closed with a final business outcome. |
| BR-04 | Decisions must be auditable with reviewer, date, scope, and reason. |
| BR-05 | Removed access must no longer appear as active after the campaign closes. |
| BR-06 | Policies may require escalation or auto-removal when the review is overdue. |
| # | Acceptance Criterion |
|---|---|
| 1 | An administrator can create a review campaign for a defined scope. |
| 2 | The reviewer can see the access items that belong to the campaign. |
| 3 | The reviewer can approve, reduce, or remove access for each item. |
| 4 | The system records the reviewer decision and the final outcome. |
| 5 | Access removed during the campaign is no longer active when the campaign closes. |
| 6 | The campaign reaches a terminal and auditable completion state. |
| Type | References |
|---|---|
| Domain Entities | Role, Profile, PermissionTemplate, AccessEnforcementPolicy, AuditRecord |
| Functional Stories | FS-16, FS-24 |
| ADRs | ADR-0016, ADR-0033, ADR-0035 |