Installer Guides

Access Review

This document provides a comprehensive guide to the Access Review feature, designed to help you audit and manage user access across your organisation’s data sources.

Overview

LightBeam’s Access Review feature enables users to validate and manage user and group permissions across data sources like SharePoint, Google Drive, Box, and SMB shares. By enforcing least-privilege access and flagging anomalies, the system supports regulatory compliance and reduces insider risk. Reviewers can analyse exactly who has access to files, view a split of internal versus external users, and determine if sensitive data is exposed via open or public links.

Purpose

  • Prevent unauthorised or stale access to sensitive data.

  • Enforce Role-Based Access Control (RBAC).

  • Ensure compliance with organisational and regulatory requirements.

  • Provide visibility into access patterns for users, groups, and resources.

Navigating to the Access Review Section

To access the Access Review section within the Access Governance module:

  • Navigate to the top navigation bar on the home screen.

  • Click on the Governance tab.

  • From the dropdown menu, select Access Review.

Key Elements and Filters

At the top of the page, multiple filtering options are available to help refine the view:

  • Search Bar: Search for specific assignments by name, keyword, or related object.

  • Data Source: Filter by the originating system (e.g., Google Drive, SMB, Box).

  • Status: Filter reviews by state: Not Started, In Progress, Completed, or Overdue.

  • Owner: Filter based on the designated review owner.

  • All Filters: View all applied filters with an option to Clear all.

Columns Displayed

Each row in the table represents a specific analysis, displaying the following columns:

  • Analysis Name: The title of the access review analysis.

  • Data Source: The repository from which data originates (e.g., Google Drive, SMB, Box).

  • Status: Current state (Scanning, Scan Complete, Pending, or Completed).

  • Location/Path: The specific file path or folder hierarchy under review.

  • Last Run On: The most recent date and time the analysis was executed.

  • Owner: The individual responsible for completing the review.

Creating an Access Review

To create a new review:

  1. Navigate to the top right of the dashboard and click + Create New Analysis.

  2. Select the data source you wish to audit.

  3. Select the path or URL you want to analyse (e.g., a sub-directory or folder).

  4. Enter an analysis name and owner.

Note: When you create a new analysis, the status appears as Pending or Scanning. It may take several minutes to compile data. You can only access the review once the status updates to Scan Complete.

Once the analysis is completed, click on the review name to begin. Clicking on a username provides a broader User View of their permissions across the entire data source.

Specific Data Source Setup

While the basic setup steps are uniform, use these guidelines for specific sources:

Google Drive Access Review

  1. Select the data source specific to Google Drive.

  2. Select the path or URL which you want to analyze.

  3. Enter an analysis name and owner.

Once the request has been created, this information can be reviewed in more detail either by selecting each tab (Overview, Users, Groups, Objects, Audit Logs) or by selecting Actions to edit further.

Box Access Review

  1. Select the data source specific to Box.

  2. Select the path or URL which you want to analyze.

  3. Enter an analysis name and owner.

Once the request has been created, this information can be reviewed in more detail either by selecting each tab (Overview, Users, Groups, Objects, Audit Logs) or by selecting Actions to edit further.

SMB Access Review

  1. Select the data source specific to SMB.

  2. Select the path or URL which you want to analyze.

  3. Enter an analysis name and owner.

Once the request has been created, this information can be reviewed in more detail either by selecting each tab (Overview, Users, Groups, Objects, Audit Logs) or by selecting Actions to edit further.

Reviewing an Existing Access Review

Overview Tab

The Overview tab serves as the central dashboard for the access review, providing high-level metrics on the total number of users, groups, including external users with system access. It displays total objects within the current path and visualizes whether users hold direct permissions or access inherited through group memberships and shared links.

Users Tab

The Users tab provides an individualized look at every person who has permissions within the selected environment. This view allows administrators to audit specific account activities and see exactly which resources each unique user is authorized to interact with.

The left most column shows the names of users, the objects they have access to out of those how many are sensitive, which department that user belongs to, is that user part of any group, type of employment & the last column is the Review status.

For example, if you want to revoke the access of a user “test8” who is a Contractor with access to 49 sensitive objects, then you can select the user and click on the Revoke Access button to revoke access.

Note: Data can be exported in CSV format using the Export CSV button at the top right corner of the page.

Groups Tab

The Groups tab organizes access data by logical containers, showing the collective permissions granted to sets of users rather than individuals. This view allows administrators to effectively manage security across teams and organizational units by auditing and adjusting access at the group level.

Access for selected users or groups can be revoked, or the review state can be changed, by using the Actions menu on the page.

Note: Data can be exported in CSV format using the Export CSV button at the top right corner of the page.

Objects Tab

The Objects tab lists on the objects or files present in the location for which the analysis is done.

Audit Logs Tab

The Audit Logs tab provides a chronological record of security-related events and changes made during the review process. It is essential for compliance, as it tracks who made permission updates, when those changes occurred, and the outcome of various access reviews.

Finalising and Updating the Review

Manual Re-run

The access analysis does not sync automatically with external permission changes. To ensure your findings are current after any updates have been made outside the tool, you must manually re-run the scan.

Completion and Deletion

To finalise the review process:

  • Mark as Completed: Navigate to the Actions button and select Mark as Completed. The system will provide an alert if any users or groups remain in an unreviewed state.

  • Delete Analysis: If the review is no longer needed, you can delete the analysis from the same location.

Purpose and Utility

  • Identify Access Risks: Detects security gaps by highlighting users and groups with overly broad or sensitive access, including reviewing unclassified or external users that may indicate governance issues.

  • Support Comprehensive Access Reviews: Enhances visibility into the distribution of user privileges, group memberships, and potential exposure to sensitive data across the environment.

  • Enable Targeted Governance Actions: Provides specific filtering options (e.g., by department, employment type, or data sensitivity) that facilitate precise remediation, allowing administrators to efficiently Revoke Access or change the Review Status.

  • Ensure Compliance and Audit Readiness: Offers a clear, auditable trail of user access patterns, activities, and recorded actions, ensuring the organization maintains alignment with mandated access control standards.

  • Promote Proactive Risk Management: Empowers governance teams to monitor, assess, and act upon user and group access data dynamically, fostering continuous compliance and reducing the overall security attack surface.

PreviousFoldersNextUser and Groups Activity

Last updated