netwrix · dimav78 · Jul 28, 2025 · Jul 28, 2025 · Jul 28, 2025 · Jul 31, 2025
diff --git a/.claude/settings.local.json b/.claude/settings.local.json
@@ -0,0 +1,21 @@
+{
+  "permissions": {
+    "allow": [
+      "WebFetch(domain:community.netwrix.com)",
+      "WebFetch(domain:community.netwrix.com)",
+      "Bash(git checkout:*)",
+      "Bash(cp:*)",
+      "Bash(npm install)",
+      "Bash(npm start)",
+      "Bash(npm run start:*)",
+      "Bash(npx docusaurus start:*)",
+      "Bash(mkdir:*)",
+      "Bash(rm:*)",
+      "Bash(git add:*)",
+      "Bash(git commit:*)",
+      "Bash(find:*)",
+      "Bash(ls:*)"
+    ],
+    "deny": []
+  }
+}
diff --git a/.gitignore b/.gitignore
@@ -18,6 +18,9 @@ packages
 .env.test.local
 .env.production.local
 
+# Claude settings
+.claude/settings.local.json
+
 npm-debug.log*
 yarn-debug.log*
 yarn-error.log*
@@ -0,0 +1,10 @@
+{
+  "label": "Access Reviews",
+  "position": 100,
+  "collapsed": true,
+  "collapsible": true,
+  "link": {
+    "type": "doc",
+    "id": "accessreviews"
+  }
+}
@@ -0,0 +1,156 @@
+---
+title: "Access Reviews"
+description: "Access Reviews"
+sidebar_position: 100
+---
+
+# Access Reviews
+
+Netwrix Auditor supports integration with Netwrix Auditor Access Reviews, which enables business
+owners to conduct resource and group reviews and recommend changes. The integration is available for
+the following data sources:
+
+- Active Directory
+- Dell Data Storage (only Unity family)
+- NetApp
+- Nutanix Files
+- Qumulo
+- SharePoint Online
+- Synology
+- Windows File Servers
+
+## Getting Started
+
+This workflow assumes you already have Netwrix Auditor installed with configured monitoring plans
+for a supported data source.
+
+**NOTE:** Access Reviews is a separately licensed product and is not included with Netwrix Auditor.
+Make sure that you have the Access Reviews license enabled in Auditor.
+
+See the [Licenses](/docs/auditor/10.8/admin/settings/licenses.md) topic for additional information.
+
+_Remember,_ there is one single Access Review license for all data sources that can send data to the
+application.
+
+Follow the steps to use Netwrix Auditor Access Reviews in conjuction with Auditor.
+
+**Step 1 –** Install Access Reviews on the same computer where Netwrix Auditor is installed. See the
+[Installation Overview](/docs/auditor/10.8/accessreviews/installation/overview.md) topic for prerequisites and
+additional information.
+
+**Step 2 –** Configure Access Reviews. The Configuration interface is only available to users with
+the Administrator role. See the [Administrator Overview](/docs/auditor/10.8/accessreviews/admin/overview.md) topic
+for configuration settings and enabling user access.
+
+**Step 3 –** Use the Access reviews configuration tool to setup the data flow from the Auditor
+database to the Access Reviews database. See the
+[Select Data Sources](/docs/auditor/10.8/accessreviews/installation/accessreviewsconfiguration.md) topic for additional information.
+
+**NOTE:** Data upload speed depends on the amount of collected data and Auditor collectors
+configuration.
+
+**Step 4 –** Configure resource ownership through the Access Reviews Console. The Resource Owners
+interface is available to users with either the Security Team or Administrator role. Managing
+ownership is core component for the Access Reviews workflow. See the
+[Resource Owners Overview](/docs/auditor/10.8/accessreviews/resourceowners/overview.md) topic for additional
+information.
+
+**NOTE:** The [Owners & Access Reviews](/docs/auditor/10.8/accessreviews/owneroverview/owneroverview.md) topic and
+subtopics are written for the assigned owners. You can distribute the URL to this topic or download
+a PDF to be distributed to your assigned resource owners.
+
+**Step 5 –** Configure and run reviews. The Entitlement Reviews interface is available to users with
+either the Security Team or Administrator role. See the
+[Reviews Overview](/docs/auditor/10.8/accessreviews/entitlementreviews/overview.md) topic for additional
+information.
+
+Netwrix Auditor Access Reviews is now configured and ready to use.
+
+## Considerations & Limitations
+
+Review the following considerations:
+
+1. Enabling State-in-Time data collection for your monitoring plans option is not required for the
+   integration works properly.
+2. The data collected by Auditor is updated at least once a day.
+3. If a monitoring plan or a data source with enabled integration is deleted, all collected data
+   will be removed from the Access Reviews database.
+4. If there are errors in upload of data to the Access Reviews database, these errors are reflected
+   in the Netwrix Auditor Health Log and text log files; status of items and data sources in Auditor
+   is not affected by these errors.
+5. Permissions-related considerations:
+
+    - For Windows File Servers, permission data for all items in this data source is sent to the
+      Access Reviews application;
+    - Only effective top-level permissions are sent (share+NTFS);
+    - Permission data is sent per file server (entirely for each server);
+    - Transfer of permission data to the Access Reviews application is started when you enable the
+      integration for a data source.
+
+    ## Initial Configuration
+
+    Next, configure the Access Reviews for your environment:
+
+    - Console Users — Grant users access to the application starting with an Administrator account.
+      There are two levels of access: Administrator and Security Team. See the
+      [Console Access Page](/docs/auditor/10.8/accessreviews/admin/configuration/consoleaccess.md) topic for
+      information.
+
+        - Optionally, disable the Builtin Administrator account. See the
+          [Modify the Builtin Administrator Account](/docs/auditor/10.8/accessreviews/admin/configuration/consoleaccess.md#modify-the-builtin-administrator-account)
+          topic for additional information.
+
+    - Notification — Configure the Notification settings required in order for the application to
+      send email. See the
+      [Notifications Page](/docs/auditor/10.8/accessreviews/admin/configuration/notifications.md) topic for
+      information.
+
+    ## Enable Console Users
+
+    Access Reviews Console users granted one of the available roles should be notified.
+
+    **_RECOMMENDED:_** The notification should include:
+
+    - Why your organization is using Netwrix Auditor Access Reviews.
+    - What they will be doing in the Access Reviews Console.
+    - How to log into the Access Reviews Console, specifically what URL and credentials to use.
+
+    You should also provide links to the appropriate topics based on the user's role:
+
+    - Security Team — Need topics that align to the work the will be doing in the Access Reviews
+      Console:
+
+        - Ownership Administrator — Send the URL link for the
+          [Resource Owners Overview](/docs/auditor/10.8/accessreviews/resourceowners/overview.md) topic.
+        - Review Administrator — Send the URL link for the
+          [Reviews Overview](/docs/auditor/10.8/accessreviews/entitlementreviews/overview.md) topic.
+
+    - Administrator — Send the URL link for the
+      [Administrator Overview](/docs/auditor/10.8/accessreviews/admin/overview.md) topic.
+
+    ## Resource Ownership Configuration
+
+    Ownership of resources must be assigned in order to use the Access Reviews workflow:
+
+    - Resource Ownership — Assign ownership for resources to be managed through the application. See
+      the [Resource Owners Interface](/docs/auditor/10.8/accessreviews/resourceowners/interface/interface.md) topic for
+      additional information.
+    - Enable Owners — Send a notification to your owners about resource ownership with the
+      application. See the
+      [Notification to Owners](/docs/auditor/10.8/accessreviews/resourceowners/overview.md#notification-to-owners)
+      topic for additional information.
+
+    ## Access Reviews Workflow
+
+    The Access Reviews applicaton runs attestations on resources and groups with the assigned
+    owners. The workflow consists of:
+
+    - Reviews — Configure reviews for resource Access or group Membership .
+    - Owner Performs Review — Owners process the review, potentially recommending changes
+    - Review Administrator Approval — Review and process owner recommended changes
+
+    **_RECOMMENDED:_** Set expectations for response time from owners.
+
+    Reviews can be run multiple times, maintaining a historical record for each instance. See the
+    [Reviews Overview](/docs/auditor/10.8/accessreviews/entitlementreviews/overview.md) topic for additional
+    information.
@@ -0,0 +1,10 @@
+{
+  "label": "Administrator Overview",
+  "position": 20,
+  "collapsed": true,
+  "collapsible": true,
+  "link": {
+    "type": "doc",
+    "id": "overview"
+  }
+}
@@ -0,0 +1,10 @@
+{
+  "label": "Additional Configuration Options",
+  "position": 40,
+  "collapsed": true,
+  "collapsible": true,
+  "link": {
+    "type": "doc",
+    "id": "overview"
+  }
+}
@@ -0,0 +1,79 @@
+---
+title: "Email Templates"
+description: "Email Templates"
+sidebar_position: 10
+---
+
+# Email Templates
+
+The HTML templates used to format notification email can be customized. These templates are designed
+to make the message viewable within an email client. It is recommended to edit text and layout as
+desired, but NOT to embed new images or logos. The following table shows the notification email
+templates and describes the purpose of each.
+
+| Template Name               | Message Type Description                                                                                                                           |
+| --------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------- |
+| EntitlementReviewReminder   | Reminds owners of pending reviews; manually sent by a Review Administrator from the Entitlement Reviews interface                                  |
+| OwnershipChangeNotification | Sent to owners when assigned ownership is changed for a resource which already has pending reviews                                                 |
+| OwnershipConfirm            | Sent to owners to confirm or decline ownership of a given resource; manually sent by an Ownership Administrator from the Resource Owners interface |
+| ReminderDigest              | Weekly reminder configured by Administrators on the Notifications page of the Configuration interface to owners with pending reviews               |
+
+While customizing the template content, take note of the inline Substitution Tokens. These exist to
+provide the message with dynamic content, i.e. inserting values and strings from data in line with
+the static portion of the message body. These Substitution Tokens begin and end with the “@” symbol,
+e.g. @UserName@.
+
+Substitution Tokens are only valid for certain Notification message templates. Below is a table of
+the Substitution Tokens, the value or string they represent, and the message templates in which they
+may be used.
+
+| Substitution Token    | Description                                                                                                                                       | Applicable Template(s)                     |
+| --------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------ |
+| @LoginUrl@            | URL that allows a user to access the default (login) page                                                                                         | OwnershipChangeNotification ReminderDigest |
+| @ResourceDescription@ | Description of resource - To use the resource's description in emails instead of the path, replace @ResourcePath@ with @ResourceDescription@      | OwnershipConfirm ReminderDigest            |
+| @ResourcePath@        | Path of the current resource - To use the resources’ description in emails instead of the path, replace @ResourcePath@ with @ResourceDescription@ | OwnershipConfirm ReminderDigest            |
+| @ResourceType@        | Type of resource                                                                                                                                  | OwnershipConfirm ReminderDigest            |
+| @ResourceUrl@         | URL specifically created to respond to a request                                                                                                  | EntitlementReviewReminder OwnershipConfirm |
+| @ResponseCount@       | Numerically formatted count of pending reviews                                                                                                    | ReminderDigest                             |
+| @ReviewCount@         | Numerically formatted count of pending reviews                                                                                                    | ReminderDigest                             |
+
+## Customize Email Templates
+
+Email templates are shipped in a ZIP file and stored in the Access Reviews installation directory:
+
+...\Netwrix\Access Reviews
+
+Follow the steps to customize the email templates.
+
+**NOTE:** To successfully modify these Notifications email templates, a familiarity with basic HTML
+is necessary.
+
+![Access Reviews installation directory showing the Templates zip file](/images/auditor/10.7/access/reviews/admin/additionalconfig/emailtemplates.webp)
+
+**Step 1 –** Navigate to the Access Reviews installation directory.
+
+**Step 2 –** Unzip the `Templates.zip` file and save the contents to a folder within this directory
+named `Templates`.
+
+**CAUTION:** The customized email templates must be in the `Templates` folder within the
+installation directory to be preserved during future application upgrades.
+
+![Templates folder showing email templates](/images/auditor/10.7/access/reviews/admin/additionalconfig/emailtemplatesfolder.webp)
+
+**Step 3 –** Locate the desired HTML message template.
+
+**Step 4 –** Open the file with a text editor, e.g. Notepad, and customize the email body.
+
+**NOTE:** Using a tool other than a text editor to edit HTML files, such as a WYSIWYG web page
+editor which may drastically alter the underlying HTML code, is not supported.
+
+**Step 5 –** Email subject lines can be edited by changing the text between the opening `<title>`
+tag and the closing `</title>` tag.
+
+**Step 6 –** After making changes, save the file and view it within a web browser to see what the
+changes will look like. The Substitution Tokens will display without supplied values.
+
+**Step 7 –** After making the desired changes, save and close the text editor. Then re-launch the
+application.
+
+The modifications to the HTML email templates are in use by the notification emails.
@@ -0,0 +1,13 @@
+---
+title: "Additional Configuration Options"
+description: "Additional Configuration Options"
+sidebar_position: 40
+---
+
+# Additional Configuration Options
+
+In addition to the settings that are available on the Configuration interface, the following
+configurations and customizations can be done by Administrators:
+
+- [Email Templates](/docs/auditor/10.8/accessreviews/admin/additionalconfig/emailtemplates.md)
+- [Timeout Parameter](/docs/auditor/10.8/accessreviews/admin/additionalconfig/timeoutparameter.md)
@@ -0,0 +1,32 @@
+---
+title: "Timeout Parameter"
+description: "Timeout Parameter"
+sidebar_position: 20
+---
+
+# Timeout Parameter
+
+A user session will end when the timeout parameter for inactivity has been reached, and the user
+will be logged out. By default this is set to 15 minutes.
+
+The timeout parameter is configured within the `AccessInformationCenter.Service.exe.Config` file in
+the Access Reviews installation directory:
+
+...\Netwrix\Access Reviews
+
+Follow the steps to modify the timeout parameter.
+
+**Step 1 –** Open the `AccessInformationCenter.Service.exe.Config` file with a text editor, e.g.
+Notepad.
+
+![Notepad showing the AccessInformationCenter.Service.exe.Config file](/images/auditor/10.7/access/reviews/admin/additionalconfig/timeout.webp)
+
+**Step 2 –** Change the value for the `AuthSessionTimeout` parameter to the desired number of
+minutes. For example:
+
+<add key="AuthSessionTimeout" value="20"/>
+
+**Step 3 –** Save and close the file.
+
+A user session times out after the number of minutes specified for inactivity, for example after 20
+minutes.
@@ -0,0 +1,10 @@
+{
+  "label": "Configuration Interface Overview",
+  "position": 30,
+  "collapsed": true,
+  "collapsible": true,
+  "link": {
+    "type": "doc",
+    "id": "overview"
+  }
+}