Skip to main content
Review who has access to applications, track access history, and export logs for compliance. Download just-in-time (JIT) access history by role or team, or build workflows to automate recurring reviews.

Common Review Use Cases

Access reviews answer critical security and compliance questions:
  • Review which users received JIT access to applications
  • Track when access was granted or revoked
  • Export access logs for SOC 2, ISO 27001, or other compliance audits
  • Track access anomalies or policy violations
  • Review departing employee access history to verify all permissions were revoked
  • Generate JIT access reports for compliance frameworks
  • Identify frequently requested roles and analyze whether temporary access is extended unnecessarily

Review Access by Role

View all users who have been provisioned access to a specific role, including both current and historical access.

Access role-level logs

1

Navigate to the role

Go to Applications → select the relevant application → select the role
2

Open request logs

Click the Request Logs tab
3

Review access history

The logs show:
  • Users with current access
  • Users who previously had access
  • When access was granted and revoked
  • Who approved each request
4

Export if needed

Click the Download button to export as CSV for further analysis
Role-level access logs showing request history with user names, timestamps, and download button

What’s included in role-level logs

The download includes:
  • User name and email
  • Access start and end dates
  • Request and approval timestamps
  • Approver information
  • Access status (active, expired, revoked)

Review Access Across Teams

Generate comprehensive access reports across all applications and roles in your organization.

Access organization-wide logs

1

Navigate to analytics

Go to AnalyticsTickets
2

Download access data

Click the Download button to export all access and ticket data
3

Review the export

The CSV includes both ticket and access log data for complete visibility into your access management
Organization-wide access logs download interface showing analytics page with download button

What’s included in organization-wide logs

The export contains the following columns: Ticket information
  • Ticket ID, Ticket Number, Team
  • Ticket Name, Description
  • Created At, Completed At, Escalated At
Assignment and status
  • Created By, Assigned To
  • Status, Escalation Level, Priority
SLA tracking
  • SLA Started At, SLA Breaches At
Additional context
  • Labels, Workflow Calls, AI Feedback
Use spreadsheet pivot tables or filters to analyze the data by team, date range, or ticket type. This helps identify trends and bottlenecks in your access management process.

Automate Access Reviews with Workflows

Build recurring workflows to automate access audits and maintain continuous compliance.

Example workflows

Weekly admin access review

Trigger: Every Monday at 9amAction: Export all active admin access, send to security team for review

Monthly compliance report

Trigger: First day of each monthAction: Generate access logs for all applications, send to compliance team

Daily inactive access alert

Trigger: Daily checkAction: Identify users with access but no activity in 90 days, notify managers

Weekly contractor expiration review

Trigger: Every MondayAction: Generate access report for contractors ending within 7 days, notify managers

Building an access review workflow

1

Navigate to workflows

Create a new workflow
2

Define review frequency

Decide how often to run the review (daily, weekly, monthly, quarterly)
3

Select scope

Choose whether to review specific roles, applications, or all access
4

Set up notifications

Configure who receives the review results (security team, managers, compliance)
5

Add remediation steps

Define what happens when issues are found (create tasks, send alerts, auto-revoke)
Learn more about building custom workflows

Best Practices

Review sensitive access frequently

Admin and production access should be reviewed weekly or monthly. Standard user access can be reviewed quarterly.

Export logs regularly

Download access logs even if you’re not actively auditing. This creates a historical record for compliance.

Automate where possible

Use workflows to generate reports automatically. This ensures reviews happen consistently without manual effort.

Act on findings quickly

When reviews reveal unexpected access, revoke it immediately and investigate how it was granted.

Document review processes

Write down your review cadence and who’s responsible. This helps during audits and ensures nothing falls through the cracks.

Track trends over time

Compare access logs month-over-month to identify growing security risks or opportunities to tighten controls.

Supports Compliance Frameworks

Serval can be used to satisfy requirements for common compliance frameworks:
Requirement: Regular access reviews and documentation of access controlsHow Serval helps:
  • Export access logs as audit evidence
  • Demonstrate that access is reviewed regularly
  • Show that access is granted based on policies
  • Prove that temporary access is automatically revoked
Requirement: Access control policy and regular access rights reviewsHow Serval helps:
  • Document access policies for each role
  • Generate access reports for periodic reviews
  • Track all changes to access permissions
  • Maintain audit trail of approvals
Requirement: Demonstrate appropriate technical and organizational measures for data accessHow Serval helps:
  • Show who has access to systems containing personal data
  • Prove access is limited to authorized individuals
  • Document justifications for access requests
  • Track when access is granted and revoked