Enter the following data for a company policy.
Property |
Description |
---|---|
Policy |
Name of the company policy. |
Description |
Text field for additional explanation. |
Main version number |
Current state of the company policy as a version number. The version number is incremented in One Identity Manager's default installation each time you make a change to the condition. |
Working copy |
Specifies whether this is a working copy of the company policy. |
Deactivated |
Specifies whether the company policy is disabled or not. Only company policies that are enabled are included in policy checking. Use the Enable policy or Disable policy tasks to enable or disable a company policy. The working copy company policy is always disabled. |
Policy group |
Policy group to which the company policy belongs, based on its content. Select a policy group from the menu. To create a new policy group, click . Enter a name and description for the policy group. |
Policy supervisors |
Application role whose members are responsible for the company policy, in terms of content. To create a new application role, click . Enter the application role name and assign a parent application role. |
Exception approval allowed |
Specifies whether exception approval is permitted when the policy is violated. Assignments that cause the policy to be violated can be approved and issued anyway with this. |
Attestation policy |
Attestation policy to use for attesting objects that violate this company policy. NOTE: Ensure that the same objects are determined by this attestation policy as by the company policy. Check the assigned tables and conditions. This field is displayed only when the Attestation Module is installed. This functionality is used by default in the context of Behavior Driven Governance. For more information about this, see the One Identity Manager Administration Guide for Behavior Driven Governance. |
Start attestation of new rule violations immediately |
Specifies whether an attestation case is created immediately for each new policy violation. If this option is enabled, assign an attestation policy. This field is displayed only when the Attestation Module is installed. This functionality is used by default in the context of Behavior Driven Governance. For more information about this, see the One Identity Manager Administration Guide for Behavior Driven Governance. |
Exception approvers |
Application role, whose members are entitled to grant exception approval for violations to this company policy. To create a new application role, click . Enter the application role name and assign a parent application role. |
Mail template new violation |
Mail template used to generate an email to inform rule supervisors or exception approvers about new policy violations. |
Exception approvers info |
Information, which the exception approver may require for making a decision. This advice should describe the risks and side effects of an exception. |
Attestors |
Applications role whose members are authorized to approve attestation cases for company policies and policy violations. To create a new application role, click . Enter the application role name and assign a parent application role. |
Without condition |
Specifies whether the company policy a direct relationship to the One Identity Manager data model or not. If this option is set, the Edit condition... button is disabled. If the option is not set, a condition must be entered that finds all the objects that violate the policy. |
Base table |
Base table referenced by the company policy. Based on this table, the system determines which objects violate the company policy. |
Edit connection... |
Starts the WHERE clause wizard. Use the WHERE clause wizard to set up a condition that finds all the objects in the base table that violate the company policy. Use the Expert view button to enter the condition in SQL syntax straight away. |
Condition |
Data query that finds all the objects that violate the company policy. This option is only available if the Show condition task has been run beforehand. |
Detailed information about this topic
- Enabling and disabling company policies
- Policy groups
- Policy supervisors for company policies
- Exception approvers for policy violations
- Company policy attestors
- Displaying conditions of company policy working copies
- Configuring automatic attestation of policy violations