Memberships in system roles are attested using the System role membership attestation attestation procedure.
For this attestation procedure you can use the following attestation conditions:|
Condition |
Description |
|---|---|
|
All roles |
Attests memberships in all system roles. |
|
System roles with matching name |
Enter part of a name of system roles with memberships to attest. All system roles that have this pattern in their name are included. Example: Per finds "Person", "Personal", "Perfection" and so on. |
|
Attesting by attestation status |
Select an attestation status You can select the follow status:
|
|
Specific roles |
Select the system roles. Attests memberships in these system roles. Use |
|
New or not attested for x days |
Specify a number of days. |
|
Roles with specific owners |
Select the identities. |
|
Roles with defined risk index |
|
|
Roles with any owner |
Attests all memberships in system roles that have an owner. |
|
Roles with owners in departments |
Select the departments. |
|
System roles by applications |
Select the applications (Application Governance). Attests memberships in system roles assigned to these applications. |
|
Roles by assignment type |
Select how memberships in system roles must be assigned to enable attestation:
|
and 
to switch between hierarchical and list view. Multi-select is possible.|
Approval policies |
Description |
|---|---|
|
Attestation by selected approvers with automatic removal of assignments |
Click Assign/Change in the Attestors field and then select the identities that can make approval decisions about attestation cases. Memberships are deleted if attestation is denied and the configuration fits. |