Compliance framework overview
You can see the most important information about a compliance framework on the overview form.
To obtain an overview of a compliance framework
-
In the Manager, select the Attestation > Basic configuration data > Compliance Frameworks category.
- Select the compliance framework from the result list.
- Select the Compliance framework overview task.
Assigning attestation policies
Use this task to assign attestation policies to the selected compliance framework.
To assign attestation policies to a compliance framework
-
In the Manager, select the Attestation > Basic configuration data > Compliance frameworks category.
- Select the compliance framework from the result list.
-
Select the Assign attestation polices task.
Assign the attestation policies in Add assignments.
TIP: In the Remove assignments pane, you can remove attestation policy assignments.
To remove an assignment
- Save the changes.
Chief approval team
Sometimes, approval decisions cannot be made for attestation cases because an attestor is not available or does not have access to One Identity Manager tools. To complete these attestations, you can define a chief approval team whose members are authorized to intervene in the approval process at any time.
There is a default application role in One Identity Manager for the chief approval team. Assign this application role to all employees who are authorized to approve, deny, cancel attestations in special cases, or to authorize other attestors. For detailed information about application roles, see the One Identity Manager Authorization and Authentication Guide.
Table 7: Default application role for chief approval team
Chief approval team |
The chief approver must be assigned to the Identity & Access Governance | Attestation | Chief approval team application role.
Users with this application role:
|
To add members to the chief approval team
-
In the Manager, select the Attestation > Basic configuration data > Chief approval team category.
-
Select the Assign employees task.
In the Add assignments pane, assign the employees who are authorized to approve all attestations.
TIP: In the Remove assignments pane, you can remove the assignment of employees.
To remove an assignment
- Save the changes.
Detailed information about this topic
Attestation policy owners
Default application roles for attestation policy owners are available in One Identity Manager. These owners have permission to edit attestation policies. For detailed information about application roles, see the One Identity Manager Authorization and Authentication Guide.
Table 8: Default application roles for attestation policy owners
Attestation policy owners |
Owners of attestation policies must be assigned to a child application role of the Identity & Access Governance | Attestation | Attestation policy owners application role.
Users with this application role:
-
Are responsible for its content and handle the attestation policies assigned to it.
-
Assign the attestation procedure, approval policy, and calculation schedule.
-
Assign approvers, mitigating controls, and compliance frameworks.
-
Monitor attestation cases and attestation runs. |
Direct owners |
Direct owners are all employees assigned to an attestation policy as an Owner (UID_PersonOwner column). Members of this application role are determined through a dynamic role. |
Owner role |
This application role or child application role can be assigned to attestation policies as an Owner (application role) (UID_AERoleOwner column) This allows you to specify groups of employees as owners for attestation policies. Employees are added as members to application roles by direct assignment. |
To add members to the owner role
-
In Manager, select the Attestation > Basic configuration data > Attestation policy owners > Owner role category.
-
Select the Assign employees task.
In the Add Assignments pane, assign the employees who are allowed to edit an attestation policy.
TIP: In the Remove assignments pane, you can remove the assignment of employees.
To remove an assignment
- Save the changes.
If you want to restrict owner permissions to individual attestation policies, create child application roles.
To specify an owner role for an attestation policy
-
Log in to the Manager as an attestation administrator (Identity & Access Governance | Attestation | Administrators application role).
-
Select the Attestation > Attestation policies category.
-
Select the attestation policy in the result list.
-
Select the Change main data task.
-
In the Owner (application role) menu, select the owner role.
- OR -
Click next to the menu to create a new application role.
-
Enter the application role name and assign the Identity & Access Governance | Attestation | Attestation policy owners | Owner role parent application role.
-
Click OK to add the new application role.
- Save the changes.
-
Assign employees to this application role who are permitted to edit the attestation policy.
Related topics