Compliance rules that are violated generate rule violations. Rule violations may be approved as an exception. Rule violations that you can approve are displayed on the Pending Rule Violations page (see Pending rule violations (page description)).
General tips and getting started
Logging in and out
Security keys (WebAuthn)
Requests
First login/new account
Logging in
Logging in with security keys
Logging in to the Password Reset Portal
Logging off
Navigation and use
Simple navigation
Search
Displaying the address book
Sorting
Bookmarks
Help
Filtering
Grouping and ungrouping columns
Showing other columns
Saving views
Deleting saved views
Custom filter conditions
Managing password questions
Changing passwords
Unlocking user accounts
Changing my contact data
Switching languages
Enabling/disabling email notifications
Personal dashboard settings
Report subscriptions management
Creating filters using the wizard
Using control elements
Displaying technical names of database columns
Displaying filter conditions as SQL expressions
Exporting views
Mobile view
Subscribing to reports
Editing report subscriptions
Sending reports from report subscriptions
Unsubscribing reports
Reports
The user interface layout
Requesting products
Attestation
Adding products to the shopping cart
Managing products in the shopping cart
Saved for Later list
Displaying the shopping cart
Editing multiple products in the shopping cart
Removing products from the shopping cart
Setting the validity period of products in your shopping cart
Specifying the priority of products in your shopping cart
Giving reasons for requests
Specifying departments for products in shopping cart
Checking the shopping cart and removing invalid products
Requesting products in the shopping cart for multiple identities
Deleting shopping carts
Submitting requests
Requesting from templates
Displaying and requesting other identity’s products
Requesting for other identities or subidentities
Requesting privileged access
Requesting Starling 2FA tokens
Requesting products that require multi-factor authentication
Requests for Active Directory groups
Saving products for later
Displaying Saved for Later list
Requesting products on the Saved for Later list
Removing products from the Saved for Later list
Deleting the Saved for Later list
Request templates
Displaying request templates
Creating request templates
Publishing request templates
Editing request templates
Pending requests
Adding additional information to request templates
Adding products to request templates
Removing products from request templates
Deleting request templates
Displaying pending requests
Approving and denying requests
Displaying request history
Resubmitting requests
Canceling requests
Renewing products with limit validity periods
Unsubscribing products
Displaying approvals
Undoing approvals
Request inquiries
Auditing requests
Escalated requests
Displaying and approving entire requests of pending requests
Approving pending requests from newly created Active Directory groups
Approving new managers' pending requests
Appointing other approvers for pending requests
Rerouting approvals of pending requests
Appointing additional approvers to pending requests
Delegating approvals of pending requests to other identities
Escalating approvals of pending requests
Rejecting request approval
Changing priority of pending requests
Confirming terms of use
Adding more products to pending requests
Canceling pending requests
Sending inquiries about pending requests
Revoking hold status of pending requests
Displaying escalated requests
Approving and denying escalated requests
Displaying and approving entire requests of escalated requests
Approving escalated requests from newly created Active Directory groups
Approving new manager's escalated assignments
Appointing other approvers for escalated requests
Rerouting escalated requests' approvals
Appointing additional approvers to escalated requests
Delegating approvals of escalated requests to other identities
Changing priority of escalated requests
Adding more products to escalated requests
Canceling escalated requests
Submitting inquiries about escalated requests
Revoking hold status of escalated requests
Attestors for attestation cases
Compliance
Displaying attestors of my attestation cases
Displaying attestors of pending attestation cases
Displaying attestors of pending attestation cases through the attestation history
Displaying attestors of pending auditing attestation cases
Displaying attestors of escalated attestation cases
Sending attestation reminders
Sending reminders for your own attestation cases
Sending reminders about pending attestation cases
Sending reminders of pending attestation cases through the attestation history
Sending reminders of pending auditing attestation cases
Sending reminders about escalated attestation cases
Sending reminders about attestation runs
My attestation cases
Pending attestations
Displaying pending attestation cases
Granting or denying attestation cases
Appointing other approvers for pending attestation cases
Displaying attestation history
Attestation inquiries
Auditing attestations
Attestation – Administration
Rerouting approvals of pending attestation cases
Appointing additional approvers to pending attestation cases
Delegating approvals of pending attestation cases to other identities
Rejecting approval of attestation cases
Submitting inquiries about pending attestation cases
Revoking the hold status of pending attestation cases
Attestation policies
Escalation
Displaying attestation policies
Setting up attestation policies
Editing attestation policies
Copying attestation policies
Deleting attestation policies
Attestation runs
Displaying attestation policy runs
Displaying attestation cases of application runs
Extending attestation runs
Attestation by peer group analysis
Displaying escalated attestation cases
Granting or denying escalated attestation cases
Appointing other approvers for escalated attestation cases
Submitting inquiries about escalated attestation cases
Revoking the hold status of escalated attestation cases
Managing rule violations
Responsibilities
Displaying approvable rule violations
Approving and denying rule violations
Resolving rule violations
Displaying rule violation history
Managing policy violations
Displaying approvable policy violations
Approving and denying policy violations
Displaying policy violation history
Auditing rule and policy violations
Compliance – Governance Administration
Risk assessment
Displaying risk index functions
Editing risk index functions
Enabling/disabling risk index functions
Displaying compliance frameworks
Displaying high risk objects
Viewing compliance rules and violations
Displaying company policies and violations
Displaying compliance rules with SAP functions
Displaying rule violations of identities with critical SAP functions
My responsibilities
Applications
Calls
Discovering your statistics on the home page
Specifying keywords for requestable products
My departments
Delegating tasks
Displaying my departments
Restoring my deleted departments
Displaying my department overviews
Displaying and editing my department main data
My department's memberships
My application roles
Displaying memberships in my departments
Assigning identities to my departments
Removing identities from my departments
My department entitlements
Displaying my department entitlements
Adding my department entitlements
Deleting my department entitlements
Compliance: My departments
Displaying my departments' rule violations
Displaying my department policy violations
Displaying rule violations of my department members
Displaying risk indexes and entitlements of my department members
My department attestations
Displaying my department attestation cases
Displaying attestors of my department pending attestation cases
Approving and denying my department attestation cases
Sending reminders about my department pending attestation cases
Displaying my department risk indexes
My departments' history
Displaying my department history
Displaying the status overview of my departments
Comparing statuses of my departments
Displaying role memberships of my department members
Copying/splitting my departments
Comparing and merging my departments
Displaying my department statistics
Displaying my application roles
Displaying my application roles' overviews
Creating your own application roles
Displaying and editing my application roles' main data
My application roles' memberships
My devices
Displaying memberships in my application roles
Assigning identities to my application roles
Removing identities from my application roles
My application roles' entitlements
Compliance: My application roles
Displaying my application roles' policy violations
Displaying rule violations of my application roles' members
Displaying risk indexes and entitlements of my application roles' members
My application roles' attestations
Displaying my application roles' pending attestation cases
Displaying attestors of my application roles' pending attestation cases
Approving and denying my application roles' attestation cases
Sending reminders about my application roles' pending attestation cases
My application roles' history
Displaying my application roles' history
Displaying the status overview of my application roles
Comparing statuses of my application roles
Displaying role memberships of my application roles' members
Displaying my devices
Adding your own devices
Displaying my devices' overviews
Displaying and editing my devices' main data
My business roles
Displaying my business roles
Creating your own business roles
Restoring deleted my business roles
Displaying my business roles' overviews
Displaying and editing my business roles' main data
My business roles' memberships
My identities
Displaying my business roles' memberships
Assigning identities to my business roles
Removing identities from my business roles
My business roles' entitlements
Displaying my business roles' entitlements
Adding my business roles' entitlements
Deleting my business roles' entitlements
Compliance: My business roles
Displaying my business roles' rule violations
Displaying my business roles' policy violations
Displaying rule violations of my business roles' members
Displaying risk indexes and entitlements of my business roles' members
My business roles' attestations
Displaying my business roles' attestation cases
Displaying attestors of my business roles' pending attestation cases
Approving and denying my business roles' attestation cases
Sending reminders about my business roles' pending attestation cases
Displaying my business roles' risk indexes
My business roles' history
Displaying my business roles' history
Displaying the status overview of my business roles
Comparing statuses of my business roles
Roll back my business roles to historical state
Displaying role memberships of my business roles' members
Copying/splitting my business roles
Comparing and merging my business roles
Displaying my identities
Adding your own identities
Displaying my identities' rule violations
Displaying my identities' overviews
Displaying and editing my identities' main data
Assigning other managers to my identities
Creating reports about my identities
Displaying my identity requests
My identities' entitlements
My identities' delegations
My cost centers
Deleting my identities' delegations
Adding delegations for my identities
Canceling my identities' delegations
Deleting my identities' delegations
Attesting my identities
Displaying attestation cases of my identities
Displaying attestors of my identities' pending attestation cases
Approving and denying my identities' attestation cases
Sending reminders about my identities' pending attestation cases
Displaying my identities' risk indexes
My identities' history
Displaying my identity history
Displaying the status overview of my identities
Comparing statuses of my identities
Creating passcodes for my identities
Displaying my cost centers
Restoring my deleted cost centers
Displaying my cost center overviews
Displaying and editing my cost center main data
My cost center memberships
My multi-request resources
Displaying memberships in my cost centers
Assigning my identities to cost centers
Removing identities from my cost centers
My cost center entitlements
Displaying my cost center entitlements
Adding my cost center entitlements
Deleting my cost center entitlements
My cost center attestations
Displaying my cost center attestation cases
Displaying attestors of my cost center pending attestation cases
Approving and denying my cost center attestation cases
Sending reminders about my cost centers' pending attestation cases
Compliance: My cost centers
Displaying my cost center rule violations
Displaying my cost center policy violations
Displaying rule violations of my cost center members
Displaying risk indexes and entitlements of my cost center members
Displaying my cost center risk indexes
My cost center history
Displaying my cost center history
Displaying the status overview of my cost centers
Comparing statuses of my cost centers
Displaying role memberships of my cost center members
Copying/splitting my cost centers
Comparing and merging my cost centers
Displaying my cost center statistics
Displaying my multi-request resources
Displaying my multi-request resources' overviews
Displaying and editing my multi-request resources' main data
My multi-request resources' attestations
My multi requestable/unsubscribable resources
Displaying my multi requestable/unsubscribable resources
Displaying my multi requestable/unsubscribable resources' overviews
Displaying and editing my multi requestable/unsubscribable resources' main data
My multi requestable/unsubscribable resources' memberships
My resources
Displaying my multi requestable/unsubscribable resources' memberships
Assigning identities to my multi requestable/unsubscribable resources
Removing identities from my multi requestable/unsubscribable resources
My multi requestable/unsubscribable resources' attestations
Displaying my multi requestable/unsubscribable resources' attestation cases
Displaying attestors of my multi requestable/unsubscribable resources' pending attestation cases
Approving and denying my multi requestable/unsubscribable resources' attestation cases
Sending reminders about my multi requestable/unsubscribable resources' pending attestation cases
Displaying my resources
Displaying my resources' overviews
Creating your own resources
Displaying and editing my resources' main data
My resources' memberships
My software applications
Displaying memberships in my resources
Assigning identities to my resources
Removing identities from my resources
My resources' attestations
Displaying my resources' attestation cases
Displaying attestors of my resources' pending attestation cases
Approving and denying my resources' attestation cases
Sending reminders about my resources' pending attestation cases
Displaying role memberships of my resources' members
Displaying my software applications
Adding your own software
Displaying my software applications' overviews
Displaying and editing my software applications' main data
My software applications' memberships
My locations
Displaying memberships in my software applications
Assigning identities to my software applications
Removing identities from my software applications
My software applications' attestations
Displaying my software applications' attestation cases
Displaying attestors of my software applications' pending attestation cases
Approving and denying my software applications' attestation cases
Sending reminders about my software applications' pending attestation cases
Displaying role memberships of my software applications' members
Displaying my locations
Restoring my deleted locations
Displaying my locations' overviews
Displaying and editing my locations' main data
My locations' memberships
My system entitlements
Displaying memberships in my locations
Assigning identities to my locations
Removing identities from my locations
My locations' entitlements
Displaying my locations' entitlements
Adding my locations' entitlements
Deleting my locations' entitlements
My locations' attestations
Displaying my locations' attestation cases
Displaying attestors of my locations' pending attestation cases
Approving and denying my locations' attestation cases
Sending reminders about my locations' pending attestation cases
Compliance: My locations
Displaying my locations' rule violations
Displaying my locations' policy violations
Displaying rule violations of my locations' members
Displaying risk indexes and entitlements of my locations' members
Displaying my locations' risk indexes
My locations' history
Displaying my locations' history
Displaying the status overview of my locations
Comparing statuses of my locations
Displaying role memberships of my locations' members
Copying/splitting my locations
Comparing and merging my locations
Displaying my locations' statistics
Displaying my system entitlements
Displaying my system entitlements' overviews
Displaying and editing my system entitlements main data
Deleting my Active Directory groups
My system entitlements' memberships
My system roles
Displaying memberships in my system entitlements
Assigning identities to my system entitlements
Removing identities from my system entitlements
My system entitlement's child groups
Display my system entitlements' child groups
Assigning child groups to my system entitlements
To remove child groups from my system entitlements
My system entitlements' attestations
Displaying my system entitlements' attestation cases
Displaying attestors of my system entitlements' pending attestation cases
Approving and denying my system entitlements' attestation cases
Sending reminders about my system entitlements' pending attestation cases
My system entitlements' attestors
My system entitlements' product owners
Displaying my system entitlements' product owners
Specifying product owners for my system entitlements
My system entitlements' history
Displaying my system entitlements' history
Displaying the status my system entitlements' overview
Comparing statuses of my system entitlements
Displaying role memberships of my system entitlements' members
Displaying my system roles
Creating your own system roles
Displaying my system roles' overviews
Displaying and editing my system roles' main data
My system roles' memberships
My assignment resources
Displaying memberships in my system roles
Assigning identities to my system roles
Removing identities from my system roles
My system roles' entitlements
Displaying my system roles' entitlements
Adding my system roles' entitlements
Deleting my system roles' entitlements
Compliance: My system roles
Displaying my system roles' rule violations
Displaying my system roles' policy violations
Displaying rule violations of my system roles' members
Displaying risk indexes and entitlements of my system roles' members
My system roles' attestations
Displaying my system roles' attestation cases
Displaying attestors of my system roles' pending attestation cases
Approving and denying my system roles' attestation cases
Sending reminders about my system roles' pending attestation cases
Displaying my system roles' risk indexes
My system roles' history
Displaying my system roles' history
Displaying the status overview of my system roles
Comparing statuses of my system roles
Displaying role memberships of my system roles' members
Displaying delegations
Creating delegations
Canceling delegations
Deleting delegations
Displaying delegation history
Ownerships
Assigning product owners to system entitlements
Assigning owners to devices
Claiming ownership of Active Directory groups
Auditing
Auditing departments
Governance administration
Displaying all departments
Displaying department overviews
Displaying department main data
Displaying department memberships
Displaying department entitlements
Department attestations
Auditing application roles
Displaying department attestation cases
Displaying attestors of department pending attestation cases
Department compliance
Displaying department risk indexes
Department history
Displaying department history
Displaying the status overview of departments
Comparing statuses of departments
Displaying role memberships of department members
Displaying all application roles
Displaying application role overviews
Displaying application role main data
Displaying memberships in application roles
Displaying application role entitlements
Application role attestations
Auditing devices
Auditing business roles
Displaying application role pending attestation cases
Displaying attestors of application role pending attestation cases
Application role history
Displaying application role history
Displaying the status overview of application roles
Comparing statuses of application roles
Displaying role memberships of application role members
Displaying all business roles
Displaying business role overviews
Displaying business role main data
Displaying memberships in business roles
Displaying business role entitlements
Business role attestations
Auditing identities
Displaying business role attestation cases
Displaying attestors of business role pending attestation cases
Business role compliance
Displaying business role risk indexes
Business role history
Displaying business role history
Displaying the status overview of business roles
Comparing statuses of business roles
Displaying role memberships of business role members
Displaying all identities
Displaying identity overviews
Displaying identity main data
Displaying identity requests
Displaying identity approvals
Displaying identity entitlements
Displaying identity responsibilities
Identity attestations
Auditing cost centers
Displaying attestation cases of identities
Displaying attestors of identity pending attestation cases
Identity compliance
Displaying identity risk indexes
Identity history
Displaying all cost centers
Displaying cost center overviews
Displaying cost center main data
Displaying memberships in cost centers
Displaying cost center entitlements
Cost center attestations
Auditing multi-request resources
Displaying cost center attestation cases
Displaying attestors of cost center pending attestation cases
Cost center compliance
Displaying cost center risk indexes
Cost center history
Displaying cost center history
Displaying the status overview of cost centers
Comparing statuses of cost centers
Displaying role memberships of cost center members
Displaying multi-request resources
Displaying multi-request resource overviews
Displaying multi-request resource main data
Multi-request resource attestations
Auditing multi requestable/unsubscribable resources
Displaying all multi requestable/unsubscribable resources
Displaying multi requestable/unsubscribable resource overviews
Displaying multi requestable/unsubscribable resource main data
Displaying memberships in multi requestable/unsubscribable resources
Multi requestable/unsubscribable resource attestations
Auditing resources
Displaying all resources
Displaying resource overviews
Displaying resource main data
Displaying memberships in resources
Resource attestations
Displaying role memberships resource members
Auditing software
Displaying all software applications
Displaying software application overviews
Displaying software application main data
Displaying memberships in software applications
Software application attestations
Auditing locations
Displaying software application attestation cases
Displaying attestors of software application pending attestation cases
Displaying role memberships of software application members
Displaying all locations
Displaying location overviews
Displaying location main data
Displaying memberships in locations
Displaying location entitlements
Location attestations
Location compliance
Displaying location risk indexes
Location history
Auditing system roles
Displaying location history
Displaying the status overview of locations
Comparing statuses of locations
Displaying role memberships of location members
Displaying all system roles
Displaying system role overviews
Displaying system role main data
Displaying memberships in system roles
Displaying system role entitlements
System role attestations
Auditing system entitlements
Displaying system role attestation cases
Displaying attestors of system role pending attestation cases
System role compliance
Displaying system role risk indexes
System role history
Displaying system role history
Displaying the status overview of system roles
Comparing statuses of system roles
Displaying role memberships of system role members
Displaying all system entitlements
Displaying system entitlement overviews
Displaying system entitlement main data
Displaying memberships in system entitlements
Displaying system entitlement child groups
System entitlement attestations
Auditing assignment resources
Displaying attestation cases of system entitlements
Displaying attestors of system entitlement pending attestation cases
System entitlement history
Displaying system entitlement history
Displaying the status overview of system entitlements
Comparing statuses of system entitlements
Displaying role memberships of system entitlement members
Managing departments
Displaying all departments
Restoring deleted departments
Displaying department overviews
Displaying and editing department main data
Department memberships
Managing business roles
Displaying department memberships
Assigning identities to departments
Removing identities from departments
Department entitlements
Compliance: Departments
Displaying department rule violations
Displaying department policy violations
Displaying rule violations of department members
Displaying risk indexes and entitlements of department members
Department attestations
Displaying department attestation cases
Displaying attestors of department pending attestation cases
Approving and denying department attestation cases
Sending reminders about department pending attestation cases
Displaying department risk indexes
Department history
Displaying department history
Displaying the status overview of departments
Comparing statuses of departments
Displaying role memberships of department members
Copying/splitting departments
Comparing and merging departments
Displaying department statistics
Displaying all business roles
Restoring deleted business roles
Displaying business role overviews
Displaying and editing business role main data
Business role memberships
Managing identities
Displaying business role memberships
Assigning identities to business roles
Removing business roles from identities
Business role entitlements
Displaying business role entitlements
Adding business role entitlements
Deleting business role entitlements
Compliance: Business roles
Displaying business role rule violations
Displaying business role policy violations
Displaying rule violations of business role members
Displaying risk indexes and entitlements of business role members
Business role attestations
Displaying business role attestation cases
Displaying attestors of business role pending attestation cases
Approving and denying business role attestation cases
Sending reminders about business role pending attestation cases
Displaying business role risk indexes
Business role history
Displaying business role history
Displaying the status overview of business roles
Comparing statuses of business roles
Displaying role memberships of business role members
Copying/splitting business roles
Comparing and merging business roles
Displaying all identities
Adding identities
Displaying identity overviews
Displaying and editing identity main data
Assigning other managers to identities
Creating reports about identities
Displaying identity requests
Identity entitlements
Identity delegations
Managing cost centers
Displaying identity delegations
Adding delegations for identities
Canceling identity delegations
Deleting identities' delegations
Identity attestations
Displaying identity attestation cases
Displaying attestors of identity pending attestation cases
Approving and denying identity attestation cases
Sending reminders about identity pending attestation cases
Displaying identity risk indexes
Identity history
Displaying identity history
Displaying the status overview of identities
Comparing statuses of identities
Creating passcodes for identities
Displaying all cost centers
Restoring deleted cost centers
Displaying cost center overviews
Displaying and editing cost center main data
Cost center memberships
Managing multi-request resources
Displaying cost center memberships
Assigning identities to cost centers
Removing identities from cost centers
Cost center entitlements
Displaying cost center entitlements
Adding cost center entitlements
Deleting cost center entitlements
Compliance: Cost centers
Displaying cost center rule violations
Displaying cost center policy violations
Displaying rule violations of cost center members
Displaying risk indexes and entitlements of cost center members
Cost center attestations
Displaying cost center attestation cases
Displaying attestors of cost center pending attestation cases
Approving and denying cost center attestation cases
Sending reminders about cost center pending attestation cases
Displaying cost center risk indexes
Cost center history
Displaying cost center history
Displaying the status overview of cost centers
Comparing statuses of cost centers
Displaying role memberships of cost center members
Copying/splitting cost centers
Comparing and merging cost centers
Displaying cost center statistics
Displaying multi-request resources
Displaying multi-request resource overviews
Displaying and editing multi-request resources main data
Multi-request resource attestations
Managing multi requestable/unsubscribable resources
Displaying all multi requestable/unsubscribable resources
Displaying multi requestable/unsubscribable resource overviews
Displaying and editing multi requestable/unsubscribable resource main data
Multi requestable/unsubscribable resource memberships
Managing resources
Displaying multi requestable/unsubscribable resource memberships
Assigning identities to multi requestable/unsubscribable resources
Removing multi requestable/unsubscribable resources from identities
Multi requestable/unsubscribable resource attestations
Displaying multi requestable/unsubscribable resource attestation cases
Displaying attestors of multi requestable/unsubscribable resource pending attestation cases
Approving and denying multi requestable/unsubscribable resource attestation cases
Sending reminders about multi requestable/unsubscribable resource pending attestation cases
Displaying all resources
Displaying resource overviews
Displaying and editing resource main data
Resources' memberships
Managing locations
Displaying resource memberships
Assigning identities to resources
Removing resources from identities
Resource attestations
Displaying resource attestation cases
Displaying attestors of resource pending attestation cases
Approving and denying resource attestation cases
Sending reminders about resource pending attestation cases
Displaying role memberships resource members
Displaying all locations
Restoring deleted locations
Displaying location overviews
Displaying and editing location main data
Location memberships
System entitlements
Displaying location memberships
Assigning identities to locations
Removing identities from locations
Location entitlements
Compliance: Locations
Displaying location rule violations
Displaying location policy violations
Displaying rule violations of location members
Displaying risk indexes and entitlements of location members
Location attestations
Displaying location attestation cases
Displaying attestors of location pending attestation cases
Approving and denying location attestation cases
Sending reminders about location pending attestation cases
Displaying location risk indexes
Location history
Displaying location history
Displaying the status overview of locations
Comparing statuses of locations
Displaying role memberships of location members
Copying/splitting locations
Comparing and merging locations
Displaying location statistics
Displaying all system entitlements
Displaying system entitlement overviews
Displaying and editing system entitlements main data
Deleting Active Directory groups
System entitlement memberships
Managing system roles
Displaying system entitlement memberships
Assigning identity system entitlements
Removing system entitlements from identities
System entitlements' child groups
Displaying system entitlements' child groups
Assigning child groups to system entitlements
Removing system entitlements' child groups
System entitlement attestations
Displaying system entitlement attestation cases
Displaying attestors of system entitlement pending attestation cases
Approving and denying system entitlement attestation cases
Sending reminders about system entitlement pending attestation cases
System entitlements' attestors
System entitlement product owners
System entitlement history
Displaying system entitlement history
Displaying the status overview of system entitlements
Comparing statuses of system entitlements
Displaying role memberships of system entitlement members
Displaying all system roles
Displaying system role overviews
Displaying and editing system role main data
System role memberships
Managing assignment resources
Displaying system role memberships
Assigning identities to system roles
Removing identities from my system roles
System role entitlements
Displaying system role entitlements
Adding system role entitlements
Deleting system role entitlements
Compliance: System roles
Displaying system role rule violations
Displaying system role policy violations
Displaying rule violations of system role members
Displaying risk indexes and entitlements of system role members
System role attestations
Displaying system role attestation cases
Displaying attestors of system role pending attestation cases
Approving and denying system role attestation cases
Sending reminders about system role pending attestation cases
Displaying system role risk indexes
System role history
Displaying system role history
Displaying the status overview of system roles
Comparing statuses of system roles
Displaying role memberships of system role members
Statistics
Heatmap
Appendix: Attestation conditions and approval policies from attestation procedures
Viewing data
Viewing changes for a specific period
Limiting the amount of data
Displaying object details
What statistics are available?
Attesting primary departments
Attesting primary business roles
Attesting primary cost centers
Attesting primary locations
Attesting secondary departments
Attesting secondary cost centers
Attesting secondary locations
Attesting PAM asset groups
Attesting PAM asset accounts
Attesting PAM assets
Attesting PAM user groups
Attesting PAM user accounts
Attesting PAM account groups
Attesting PAM directory accounts
Attesting PAM accesses
Attesting departments
Application role attestation
Business role attestation
Attesting system roles
Attesting locations
Attesting system roles
Attesting memberships in system entitlements
Attesting memberships in application roles
Attestation of memberships in business roles
Attesting assignment of memberships in system roles
Attesting device owners
Attesting system entitlement owners
Attesting system entitlement owners (initial)
Attesting user accounts
Attesting system entitlements
Attesting assignment of system entitlement to departments
Attesting assignment of system entitlement to business roles
Attestation of system entitlement assignments to cost centers
Attestation of system entitlement assignments to locations
Attesting assignment of system role assignment to departments
Attesting assignment of system roles to business roles
Cost center system role assignment attestation
Attesting assignment of system entitlements to locations
Attesting assignments to system roles
Appendix: Page and menu descriptions
Information (Menu description)
My requests (Menu description)
Profile (Menu description)
My profile (page description)
Help (Menu description)
Request (Menu description)
Overview – Identity (page description)
Contact data (page description)
Password questions (page description)
Entitlements – Identity (page description)
Address book
My requests (page description)
Attestation (Menu description)
Request (page description)
Request history (page description)
Renewing or unsubscribing (page description)
Shopping Cart Templates (page description)
My shopping cart (page description)
My actions (page description)
Pending attestations (page description)
Approval history (page description)
Request inquiries (page description)
Auditing (page description)
IT Shop escalation (page description)
My attestation status (page description)
My actions (page description)
Compliance (Menu description)
Pending attestations (page description)
Auditing (page description)
Governance administration (page description)
Attestation escalation approval (page description)
Pending attestations – Attestation policies (page description)
Pending attestations: One Identity Manager application roles (page description)
Pending attestations: Departments (page description)
Pending attestations: System roles (page description)
Pending attestations: Locations (page description)
Pending attestations: Business roles (page description)
Pending attestations: PAM assets (page description)
Pending attestations: PAM user accounts (page description)
Pending attestations: Employees (page description)
Pending attestations: Cost centers (page description)
Pending attestations: User accounts (page description)
Pending attestations: System entitlements (page description)
Pending attestations: Resources (page description)
Pending attestations: Assignment resources (page description)
Pending attestation: Multi-request resources (page description)
Pending attestations: Software (page description)
Pending attestations: Multi requestable/unsubscribable resources (page description)
Pending attestations – approvals (page description)
Attestation history (page description)
Attestation inquiries (page description)
My actions (page description)
Responsibilities (Menu description)
Pending rule violations (page description)
Rule Violation History (page description)
Pending policy violations (page description)
Policy violations (page description)
Auditing (page description)
Governance administration (page description)
My responsibilities (page description)
Calls (Menu description)
Identities (page description)
Delegating tasks (page description)
Ownerships (page description)
Auditing (page description)
Rule violations of directly subordinated identities (page description)
Adding a new identity (page description)
Identity overview page (page description)
System entitlements (page description)
Overview – Identity (page description)
Main data – Identity (page description)
Requests - Identity ((page description))
Entitlements – Identity (page description)
Delegations – Identity (page description)
Attestations – Identity (page description)
Risk – Identity (page description)
History – Identity (page description)
System entitlement overview page (page description)
Business roles (page description)
Overview – System entitlement (page description)
Main data – System entitlement (page description)
Memberships – System entitlement (page description)
Child groups – System entitlement (page description)
Attestation – System entitlement (page description)
Attestors – System entitlement (page description)
Owners – System entitlement (page description)
History – System entitlement (page description)
Usage – System entitlement (page description)
Creating new business roles (page description)
Business role overview page (page description)
System roles (page description)
Overview – Business role (page description)
Main data – Business role (page description)
Memberships – Business role (page description)
Entitlements – Business role (page description)
Compliance – Business role (page description)
Attestation – Business role (page description)
Risk – Business role (page description)
History – Business role (page description)
Usage – Business role (page description)
Compliance reports – Business role (page description)
New system role (page description)
System role overview page (page description)
Departments (page description)
Overview – System role (page description)
Main data – System role (page description)
Entitlements – System role (page description)
Memberships – System role (page description)
Compliance – System role (page description)
Attestation – System role (page description)
Risk – System role (page description)
History – System role (page description)
Usage – System role (page description)
Compliance reports – system role (page description)
Department overview page (page description)
Cost centers (page description)
Overview – Department (page description)
Main data – Department (page description)
Memberships – Department (page description)
Entitlements – Department (page description)
Compliance – Department (page description)
Attestation – Department (page description)
Risk – Department (page description)
History – Department (page description)
Usage – Department (page description)
Compliance reports – Department (page description)
Cost center overview page (page description)
Locations (page description)
Overview – Cost center (page description)
Main data – Cost center (page description)
Memberships – Cost center (page description)
Entitlements – Cost center (page description)
Compliance – Cost center (page description)
Attestation – Cost center (page description)
Risk – Cost center (page description)
History – Cost center (page description)
Usage – Cost center (page description)
Compliance reports – Cost center (page description)
Location overview page (page description)
Application roles (page description)
Overview - Location (page description)
Main data - Location (page description)
Memberships – Location (page description)
Entitlements – Location (page description)
Compliance – Location (page description)
Attestation – Location (page description)
Risk – Location (page description)
History – Location (page description)
Usage – Location (page description)
Compliance reports - Location (page description)
Creating new application roles (see (page description))
Application role overview page (page description)
Resources (page description)
Assignment resources (page description)
Multi-request resources (page description)
Software (page description)
Multi requestable/unsubscribable resources (page description)
Devices (page description)
Overview – Application role (page description)
Main data - Application role (page description)
Memberships – Application role (page description)
Entitlements – Application role (page description)
Attestation – Application role (page description)
History – Application role (page description)
Usage – Application role (page description)
Compliance reports – Application role (page description)
Auditing – Departments (page description)
Governance administration (page description)
Auditing - Roles and permissions: department (page description)
Auditing – Application roles (page description)
Overview – Department (page description)
Main data – Department (page description)
Memberships – Department (page description)
Entitlements – Department (page description)
Attestation – Department (page description)
Compliance – Department (page description)
Risk – Department (page description)
History – Department (page description)
Usage – Department (page description)
Auditing - Roles and entitlements: application role (page description)
Auditing – Device (page description)
Auditing – Business roles (page description)
Overview – Application role (page description)
Main data - Application role (page description)
Memberships – Application role (page description)
Entitlements – Application role (page description)
Attestation – Application role (page description)
Risk – Application role (page description)
History – Application role (page description)
Usage – Application role (page description)
Auditing - Roles and entitlements: business role (page description)
Auditing – Identity details (page description)
Overview – Business role (page description)
Main data – Business role (page description)
Memberships – Business role (page description)
Entitlements – Business role (page description)
Attestation – Business role (page description)
Compliance – Business role (page description)
Risk – Business role (page description)
History – Business role (page description)
Usage – Business role (page description)
Auditing – Identity (page description)
Auditing – Cost center (page description)
Overview – Identity (page description)
Main data – Identity (page description)
Requests - Identities ((page description))
Approvals – Identity (page description)
Entitlements – Identity (page description)
Responsibilities - Identity (page description)
Attestations – Identity (page description)
Rule violations – Identity (page description)
Compliance – Identity (page description)
Risk – Identity (page description)
History – Identity (page description)
Auditing - Roles and entitlements: cost center (page description)
Auditing – Multi-request resources (page description)
Auditing – Multi requestable/unsubscribable resources (page description)
Auditing - Resources (page description)
Auditing – Software (page description)
Auditing – Locations (page description)
Overview – Cost center (page description)
Main data – Cost center (page description)
Memberships – Cost center (page description)
Entitlements – Cost center (page description)
Attestation – Cost center (page description)
Compliance – Cost center (page description)
Risk – Cost center (page description)
History – Cost center (page description)
Usage – Cost center (page description)
Auditing - Roles and permissions: location (page description)
Auditing – System roles (page description)
Overview - Location (page description)
Main data - Location (page description)
Memberships – Location (page description)
Entitlements – Location (page description)
Auditing– Location (page description)
Compliance – Location (page description)
Risk – Location (page description)
History – Location (page description)
Usage – Location (page description)
Auditing - Roles and permissions: system role (page description)
Auditing - Assignment resource (page description)
Auditing – Active Directory (page description)
Overview – System role (page description)
Main data – System role (page description)
Memberships – System role (page description)
Entitlements – System role (page description)
Attestation – System role (page description)
Compliance – System role (page description)
Risk – System role (page description)
History – System role (page description)
Usage – System role (page description)
Auditing - Roles and permissions: Active Directory group (page description)
Auditing – Azure Active Directory (page description)
Overview – Active Directory group (page description)
Main data – Active Directory group (page description)
Memberships – Active Directory group (page description)
Attestations – Active Directory group (page description)
Child groups – Active Directory group (page description)
History – Active Directory group (page description)
Usage – Active Directory group (page description)
Auditing - Roles and permissions: Azure Active Directory group (page description)
Auditing – Custom target system group (page description)
Overview – Azure Active Directory group (page description)
Main data – Azure Active Directory group (page description)
Memberships – Azure Active Directory group (page description)
Attestations – Azure Active Directory group (page description)
History – Azure Active Directory group (page description)
Usage – Azure Active Directory group (page description)
Auditing - Roles and entitlements: custom target system group (page description)
Auditing – Google Workspace (page description)
Overview – Custom target system group (page description)
Main data – Custom target system group (page description)
Memberships – Custom target system group (page description)
Attestations – Custom target system group (page description)
Child groups – Custom target system group (page description)
History – Custom target system group (page description)
Usage – Custom target system group (page description)
Auditing - Roles and permissions: Google Workspace group (page description)
Auditing – Domino (page description)
Overview – Google Workspace group (page description)
Main data – Google Workspace group (page description)
Memberships – Google Workspace group (page description)
Attestations – Google Workspace group (page description)
History – Google Workspace group (page description)
Usage – Google Workspace group (page description)
Auditing - Roles and permissions: Notes group (page description)
Auditing – LDAP (page description)
Auditing – Oracle E-Business Suite (page description)
Overview – Notes group (page description)
Main data – Notes group (page description)
Memberships – Notes group (page description)
Attestations – Notes group (page description)
Child groups – Notes group (page description)
History – Notes group (page description)
Usage – Notes group (page description)
Auditing – E-Business Suite group (page description)
Auditing – Privileged Account Management (page description)
Auditing – SAP R/3 (page description)
Auditing – Unix (page description)
Overview – E-Business Suite group (page description)
Main data – E-Business Suite group (page description)
Memberships – E-Business Suite group (page description)
Attestations – E-Business Suite group (page description)
History – E-Business Suite group (page description)
Usage – E-Business Suite group (page description)
Business roles (page description)
Business role (page description)
Identities (page description)
Overview – Business role (page description)
Main data – Business role (page description)
Memberships – Business role (page description)
Entitlements – Business role (page description)
Compliance – Business role (page description)
Attestation – Business role (page description)
Risk – Business role (page description)
History – Business role (page description)
Usage – Business role (page description)
Compliance reports – Business role (page description)
Adding a new identity (page description)
Identity (page description)
Multi-request resources (page description)
Multi requestable/unsubscribable resources (page description)
Organization (page description)
Overview – Identity (page description)
Main data – Identity (page description)
Requests - Identities ((page description))
Entitlements – Identity (page description)
Delegations – Identity (page description)
Attestation – Identity (page description)
Risk – Identity (page description)
History – Identity (page description)
Department (page description)
Resources (page description)
System entitlements (page description)
Overview – Department (page description)
Main data – Department (page description)
Memberships – Department (page description)
Entitlements – Department (page description)
Compliance – Department (page description)
Attestation – Department (page description)
Risk – Department (page description)
History – Department (page description)
Usage – Department (page description)
Compliance reports – Department (page description)
Cost center (page description)
Overview – Cost center (page description)
Main data – Cost center (page description)
Memberships – Cost center (page description)
Entitlements – Cost center (page description)
Compliance – Cost center (page description)
Attestation – Cost center (page description)
Risk – Cost center (page description)
History – Cost center (page description)
Usage – Cost center (page description)
Compliance reports – Cost center (page description)
Location (page description)
Overview - Location (page description)
Main data - Location (page description)
Memberships – Location (page description)
Entitlements – Location (page description)
Compliance – Location (page description)
Attestation – Location (page description)
Risk – Location (page description)
History – Location (page description)
Usage – Location (page description)
Compliance reports - Location (page description)
System entitlement (page description)
System roles (page description)
Overview – System entitlement (page description)
Main data – System entitlement (page description)
Memberships – System entitlement (page description)
Child groups – System entitlement (page description)
Attestation – System entitlement (page description)
Attestors – System entitlement (page description)
Owners – System entitlement (page description)
History – System entitlement (page description)
Usage – System entitlement (page description)
System role (page description)
Assignment resources (page description)
Overview – System role (page description)
Main data – System role (page description)
Memberships – System role (page description)
Entitlements – System role (page description)
Compliance – System role (page description)
Attestation – System role (page description)
Risk – System role (page description)
History – System role (page description)
Usage – System role (page description)
Compliance reports – system role (page description)
Managing rule violations
Displaying approvable rule violations
You can display rule violations that you can approve. In doing so, you can additionally display rule violations that have already have an approval decision.
To display rule violations
-
In the menu bar, click Compliance > My Actions.
-
On the My Actions page, click Pending Rule Violations.
This opens the Pending Rule Violations page (see Pending rule violations (page description)) and displays all rule violations for which no approval decision has yet been made.
-
(Optional) To display rule violations that have already been approved or denied, click
(Reset filter: decision status).
-
(Optional) To display details of the identity involved in a rule violation, take the following actions:
-
In the list, click the rule violation.
-
In the details pane, click the identity's name.
-
Related topics
Approving and denying rule violations
As exception approver, you can grant or deny approval to rule violations. If you grant approval to a rule violation, it is considered to be a exception approval.
To make an approval decision about a rule violation
-
In the menu bar, click Compliance > My Actions.
-
On the My Actions page, click Pending Rule Violations.
-
On the Pending Rule Violations, perform one of the following actions:
-
Click
(Approve) next to the rule violation you want to approve.
-
Click
(Deny) next to the rule violation you want to deny.
-
-
(Optional) To set an approval deadline, perform the following actions:
-
In the list, click the role violation for which you want to set an approval deadline.
-
In the details pane, enter the Valid until date.
-
-
Click Next.
-
(Optional) On the Exception Approvals page, perform the following actions:
-
For approved rule violations:
-
To provide a reason for all approved rule violations, enter the reason in the Reason for approvals field.
-
To use a predefined standard reason for all approved rule violations, select the reason in the Standard reason list.
-
-
For denied rule violations:
-
To provide a reason for all denied rule violations, enter the reason in the Reason for approvals field.
-
To use a predefined standard reason for all denied rule violations, select the reason in the Standard reason list.
-
-
To provide an individual reason for an approval decision, click Enter a reason and enter your reason.
TIP: By giving reasons, your approvals are more transparent and support the audit trail.
NOTE: For more detailed information about standard reasons, see the One Identity Manager Compliance Rules Administration Guide.
-
-
Click Save.
(Optional) If the approval requires multi-factor authentication, you are prompted to enter a security code. It may take a few minutes before the prompt appears. Perform one of the following actions:
-
Click Login with the Starling 2FA app and follow the app instructions on your mobile phone.
-
Click Send SMS or Phone call, enter the security code, and click Next.
-
Related topics
Resolving rule violations
You can resolve compliance rule violations that you manage. Rule violations are caused by permissions, so you have the option to remove permissions when you want to resolve one.
Permission assignments play and important role when editing rule violations. For example, permissions assigned through a dynamic role cannot be removed.
The following consequences may result from removing permissions:
|
Assignment Method |
Removing the Entitlement |
|---|---|
|
Direct assignment |
Direct assignment is deleted when the entitlement is removed. |
|
Inherited assignment |
In the case of inherited permissions, there is an option provided to withdraw role membership from the identity. |
|
Dynamic assignment |
Permissions assigned through a dynamic role cannot be removed. |
|
Assignment by request |
If permissions were assigned through a request, the request ends if the permissions are removed. |
|
Primary assignment |
If permissions were assigned through a primary membership, the identity of the primary membership can be optionally revoked if the permissions are removed. |
To resolve a rule violation
-
In the menu bar, click Compliance > My Actions.
-
On the My Actions page, click Pending Rule Violations.
-
On the Pending rule violations page, click the rule violation you would like to resolve.
-
In the details pane, click Resolve.
This opens the Resolve a rule violation dialog and with more details about the rule violation and the permissions that lead to the rule violation.
-
Select the check box next to the permission that you want to be revoked.
-
Click Next.
-
In the Verify step, check the changes to be made.
TIP: The Action column show the consequences of revoking.
-
Click Next.
-
In the Loss of entitlements step, check which permissions are to be revoked to avoid losing permissions accidentally.
-
Click Next.
All permissions that were displayed for resolving the rule violation are withdrawn from the identity.