An access review is a systematic cybersecurity process that evaluates and validates user permissions and privileges across an organization's digital infrastructure. This security practice ensures that all users, service accounts, and entities maintain only the access rights necessary for their designated roles, following the principle of least privilege. The review examines existing entitlements—including administrative, application-specific, and data access permissions—to identify excessive, dormant, or unauthorized access that could pose security risks.

Regular access reviews are essential for reducing an organization's attack surface, mitigating internal threats, and maintaining compliance with regulatory requirements. By periodically scrutinizing who has access to what resources, organizations can proactively address vulnerabilities, protect sensitive information, and strengthen their overall security posture against evolving cyber threats.