Microsoft Entra ID · Access Reviews

Access Review Reviewer Assignment

Workflow designation, not a Microsoft Entra role. Review creators select users, group owners, managers, or self-reviewers to make decisions for a specific access review.

Scope: Access decision making for assigned reviews only

Permissions

  • Decisions - Review and make access decisions
  • Decisions - Approve or deny continued access
  • Review Scope - View review scope and members under review
  • History - View review history for assigned reviews
  • Notes - Add review notes and justifications
  • Recommendations - Accept recommendations from system
  • Limitation - Cannot modify review settings or scope
  • Limitation - Cannot create new access reviews

Common use cases

  • Manager reviews for team member access
  • Application owner access reviews
  • Group owner membership attestation
  • Self-review for personal access
  • Resource owner access certification
  • Delegated access governance

Best practices

  • Complete reviews before deadline
  • Document removal justifications
  • Use recommendations as guidance
  • Review access context before deciding
  • Ask for additional info when uncertain
  • Consider job role when reviewing access
  • Escalate questionable access patterns

Security considerations

  • Review decisions affect user access
  • Non-response can result in auto-removal
  • Decisions are audited for compliance
  • Consider least privilege when approving
  • Monitor for rubber-stamp approval patterns

Common questions

When should I assign the Access Review Reviewer Assignment role?

Assign Access Review Reviewer Assignment when you need to: Manager reviews for team member access; Application owner access reviews; Group owner membership attestation; Self-review for personal access; and Resource owner access certification. It is part of Microsoft Entra ID and should be granted as a least-privilege alternative to broader roles like Global Administrator.

What can someone with the Access Review Reviewer Assignment role do?

The Access Review Reviewer Assignment role grants permissions including: Decisions - Review and make access decisions; Decisions - Approve or deny continued access; Review Scope - View review scope and members under review; History - View review history for assigned reviews; Notes - Add review notes and justifications; and Recommendations - Accept recommendations from system. See the Permissions section above for the full list.

What are the security risks of the Access Review Reviewer Assignment role?

Key considerations when assigning Access Review Reviewer Assignment: Review decisions affect user access; Non-response can result in auto-removal; Decisions are audited for compliance; and Consider least privilege when approving. Review the Security considerations section before assignment, and pair with Privileged Identity Management (PIM) for just-in-time access where possible.

Official Microsoft Learn documentation →

Open the interactive RBACMap →