Lumos Access Reviews Guide

Overview

Lumos is our access review platform. User access reviews are critical to ensuring GitLab systems are being accessed appropriately, securely, and compliantly. If you are a DRI for an app, technical owner, or business owner, you may be assigned access review tasks from Lumos. If you are the direct manager of a team member who manages an app, you may also receive user access review assignments for those you manage.

Before getting started in Lumos, please read the Access Review Procedure. When an access review is assigned, Lumos will reach out via email and Slack with the app name and permissions being reviewed in the title of the access review.

Access Review Walkthrough

When a review is assigned to you, you will receive a notification through Slack or email.

  1. Go to your access reviews in Lumos

    Click Review Accounts in the notification

  2. Click “Continue Review” for an app to start a review

    On the app list, click Continue review to the far-right

  3. Review the line items assigned to you

    Review the users assigned to you

  4. Approve or reject the accounts assigned to you

    Approve, reject, or modify access in bulk

  • Add a note for any line item to add context for auditors

    Click the + to add a note

Access Review Message Template

Access review administrators must include a message when launching access reviews to help unfamiliar reviewers understand how to perform an access review. Use the template below.

You have been assigned to perform a user access review for a system at GitLab. Please see the instructions listed below.

App name: <insert app name>

https://handbook.gitlab.com/handbook/security/corporate/systems/lumos/access_reviews/

Need help? Have a question?

Reach out to the #user-access-reviews channel on Slack
