rule check
To test a rule, processing tasks are created for the DBQueue Processor. For each rule, the DBQueue Processor determines which employees have violated that rule. Follow-up tasks assign the associated rule violation object to employees that have violated a rule. The specified rule approvers can test rule violations and if necessary grant exception approval.
 
    Checking a rule
You can start rule checking in different ways to find the current rule violations in the One Identity Manager database.
- Scheduled rule checking 
- Automatic rule checking after modifications 
- Ad-hoc rule checking 
Only operational rules are checked during rule checking. Disabled rule are not tested. If a rule is violated, the effected employees are assigned the corresponding object for rule violations. You can check all the rules again for these employees. For more information, see Rule check analysis.
In addition to locating existing rule violations, One Identity Manager can also identify potential violations of IT Shop requests and business roles. For more information, see Determining potential rule violations.
 
    Scheduled rule checking
The Compliance rule check schedule, is supplied with the One Identity Manager default installation to run a complete check of all rules. This schedule generates processing tasks at regular intervals for the DBQueue Processor.
Prerequisites
- The rule is enabled. 
- The schedule stored with the rule is enabled. 
Detailed information about this topic 
 
    Rule checking rule modifications
Table 29: Configuration parameters for rule checking
| QER | ComplianceCheck | CalculateImmediately | Processing tasks for recalculating rule violations are immediately started when relevant changes occur. | 
A processing task for rule checking is generated the moment an active rule is modified or deleted. All employees are checked to see if they fulfill the affected rule. 
When specific changes are made to entitlements, you can immediately queue or schedule the calculation tasks to check the rules. Specify the desired behavior in the "QER | ComplianceCheck | CalculateImmediately" configuration parameter. If the parameter is set, the processing task for recalculating rule violation for an employee are immediately queued. If the parameter is not set, the calculation task is started the next time the schedule is planned to run.
To trigger rule checks immediate after relevant changes have been made
NOTE: This configuration parameter only applies if data changes are relevant. These include:
- Changes to employee master data 
- Changes to employee assignments (for example, the PersonHasQERResource table) 
- Changes to employees' role memberships 
- Changes to membership in system entitlements (for example, the ADSAccountInADSGroup table) 
- Changes to SAP function matches (the SAPUserInSAPFunction table)