Access Review

This document explains the "Access Review" feature, which lets you review the access given to users on a particular data source.

Overview

LightBeam’s Access Review feature enables users to validate and manage user and group permissions across data sources like SharePoint, Google Drive, and other cloud services. By enforcing least-privilege access and flagging anomalies, the system supports regulatory compliance and reduces insider risk.

Purpose

  • Prevent unauthorized or stale access to sensitive data

  • Enforce role-based access control (RBAC)

  • Ensure compliance with organizational and regulatory requirements

  • Provide visibility into access patterns for users, groups, and resources

Steps to conduct “Access Reviews”

  1. In the admin account, navigate to “Playbooks” to automate and customize the data privacy settings.

  2. In the “Playbooks” tab, select “SecureNow” to use the access review feature.

  3. Click on “Create New Analysis” at the top right, as shown below.

This creates a review for a particular data source on a selected directory, subdirectory, or folder.

  4. A new window appears after you click “Create New Analysis”. In this window, select the path of the directory you want analyzed.

    1. Select the data source

    2. Select the path or URL that you want to analyze.

    3. Give the analysis a name so that you can identify it later.

  5. When you create a new analysis, the status column shows “pending”. The analysis takes some minutes to run and complete. You can access the analysis only after the status changes to “Analysis Completed”.

  6. Once the analysis is completed, click on the newly created analysis (in this example, “Test”).

It shows an overview of the analysis and lets you review individuals as well as groups, so that each can either keep its access or have it revoked.

The overview shows the total users, groups, and external users who have access to the directory.

  • Below it, the total number of objects in the selected path and the number of users are shown. A user can have access to the path directly, through membership in a group, or through an access link.

Depending on the use case and assigned work, an individual user may or may not need access, so access can be revoked from the user tab.

  • The leftmost column shows the names of users, followed by the objects they have access to, how many of those are sensitive, which department the user belongs to, whether the user is part of any group, the type of employment, and, in the last column, the review status.

  • For example, to revoke the access of the user “test8”, a Contractor with access to 49 sensitive objects, select the user and click the “Revoke Access” button.

The access of user “test8” is revoked and the user is marked as “reviewed”.

  7. There is also an option to “flag” a particular user. For example, user “test7” also has access to 49 sensitive objects, so the user can be flagged for future reference, as shown below.

  8. In the Groups tab, similar operations can be performed on the groups that have access to the directory. In our example, only one group has access to the directory named “testsite”. This group has 2 members and 49 objects.

To revoke access here, first select the group. The “Revoke Access” button is then highlighted, and clicking it removes the access of the complete group along with all the members of the group.

You can also click on the group name, which opens a new window in the “Datasource” tab where the objects accessible by the group can be analyzed in depth.

The data for individual users as well as groups can be downloaded into a .csv file by clicking the “Export CSV” button.
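The exported file can be used to build a review queue outside the UI. The script below is an added example, not LightBeam code: it lists users who still hold access to sensitive objects and are not yet marked as reviewed, with non-employees first. The column headers and status values are assumptions modelled on the columns described above, and the sample rows are constructed; adjust the names to match the actual export.

```python
import csv
import io

# Constructed sample. Header names and status values are assumptions based on
# the columns the user tab is described as showing, not a documented schema.
SAMPLE_EXPORT = """\
User,Objects,Sensitive Objects,Department,Groups,Employment Type,Review Status
test5,12,0,Finance,testsite,Employee,Pending
test7,49,49,Engineering,,Employee,Flagged
test8,49,49,Engineering,,Contractor,Pending
test9,49,10,Sales,testsite,Employee,Reviewed
"""


def review_queue(csv_text):
    """Return unreviewed users with sensitive access, highest priority first."""
    queue = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        sensitive = int(row["Sensitive Objects"] or 0)
        status = row["Review Status"].strip().lower()
        # Skip users already reviewed and users with no sensitive objects.
        if status == "reviewed" or sensitive == 0:
            continue
        queue.append({
            "user": row["User"],
            "sensitive": sensitive,
            # Contractors and other non-employees are reviewed first.
            "non_employee": row["Employment Type"].strip().lower() != "employee",
            # No group listed means the access is direct or via an access link.
            "no_group": not row["Groups"].strip(),
            "status": row["Review Status"].strip(),
        })
    # Non-employees first, then by number of sensitive objects (descending).
    queue.sort(key=lambda r: (not r["non_employee"], -r["sensitive"], r["user"]))
    return queue


if __name__ == "__main__":
    for entry in review_queue(SAMPLE_EXPORT):
        print(entry)
```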

Once the analysis is complete and the access for the individuals and groups has been reviewed or revoked, the analysis can also be deleted. Click the “Action” button to delete the analysis, as shown below.
