Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.yrka.io/llms.txt

Use this file to discover all available pages before exploring further.

An access review is a structured check of who has access to what inside your Yrka organization. You confirm that admin roles still match each person’s current responsibilities, that employee app access is enabled only for the right people, and that any pending access grants from external sign-in flows have been evaluated. Running access reviews before you go live — and then on a recurring cadence — helps you catch over-provisioned permissions before they become a problem.

What an access review covers

When you run an access review, you look at three areas:
  • Admin role assignments — which admins have which roles, and whether any sensitive permissions (billing, payroll export, confidential documents, role management, destructive settings) are assigned to the right people.
  • Employee app access — which employees have self-service sections enabled, with particular attention to people who are terminated, inactive, on leave, seasonal, or in a pending state.
  • Pending access requests — any outstanding requests created by external identity or sign-in flows that still need admin review before access is granted or denied.
Access review is a customer-controlled workflow. Yrka surfaces the current state of your roles and access; it does not make automatic recommendations about who should or should not have access. The decisions are yours.

When to run access reviews

  • Before launch — complete a sign-off during the setup process to confirm access is correct before your team starts using Yrka.
  • After major staffing changes — when people join, leave, change roles, or go on extended leave, re-run the review to confirm access matches their current status.
  • On a regular cadence — most organizations run access reviews quarterly or after significant organizational changes, though your cadence should match your own operational and compliance requirements.

How to run an access review

1

Open the access review surface

You can start an access review from three places:
  • The setup access-review step in the onboarding checklist (for pre-launch sign-off)
  • The access-review card in Reports
  • The security area in Settings
2

Review admin role assignments

Check each admin’s current role against their job responsibilities. Pay particular attention to sensitive permissions: billing, payroll export, confidential documents, role management, employee access grants, and destructive settings. If a role is broader than the person’s current work requires, this is the time to narrow it.
3

Review employee app access

Look at which employees have self-service sections enabled. Flag anyone who is terminated, inactive, on seasonal leave, or in a pending state — these employees may not need continued app access. An employee can appear in Personnel without having active app access, so check both the directory and the access flag.
4

Check pending access requests

If your organization uses external sign-in or identity flows, there may be pending access requests waiting for admin review. Check these and approve or deny each one based on the person’s current relationship with your organization.
5

Record sign-off

When access is in an acceptable state, record your sign-off. The sign-off is logged as audit evidence and updates the access-review status visible in Reports.
6

Create follow-up tasks

If you identify issues you cannot resolve immediately — a role that needs restructuring, a pending access request that needs more information, or a terminated employee whose data needs review — create follow-up tasks so the work is tracked and assigned.

What the access review report shows

After completing a review, the Reports access-review card reflects:
  • The date and identity of the last sign-off
  • Whether any follow-up tasks were created and are still open
  • The current set of active admin role definitions and their permission configuration
  • Employees with self-service access enabled, grouped by status where supported
  • Any pending request-capable grants from external identity flows

Signing off during setup

If you are completing the pre-launch onboarding checklist, the setup access-review step walks you through the same checks described above and lets you record a sign-off directly from the checklist. Completing this step is recommended before your go-live date.
Even a quick access review before launch catches common issues like a departing team member still holding an Owner role, or an employee on extended leave with active app access.

Common issues

An employee appears in Personnel but should not have app access. Being in the Personnel directory and having employee app access are separate. Open the employee’s record and check the employee app access flag specifically. A pending access request exists but you do not recognize the requester. External identity setup can generate requests automatically. Review each pending request carefully before approving. If you do not recognize a requester, deny the request and investigate how it was created. The access review sign-off is not appearing in audit evidence. Confirm you completed the final sign-off step — reviewing the information alone does not create audit evidence. The sign-off control must be explicitly submitted. You cannot complete sign-off in the setup checklist. You need Owner or admin-management permissions to record access review sign-off. If the sign-off control is not available, check your role permissions.