지금 지원 담당자와 채팅
지원 담당자와 채팅

Identity Manager 9.1 - Compliance Rules Administration Guide

Compliance rules and identity audit
One Identity Manager users for identity audit Basic data for setting up rules Setting up a rule base rule check Mail templates for notifying about identity auditing
Mitigating controls for compliance rules Configuration parameters for Identity Audit

Which employees violate a specific rule?

To display employees that violate a rule

  1. In the Manager, select the Identity Audit > Rule violations category.

  2. Select a rule violation in the result list.

  3. Select the Show rule violations task.

    This displays all employees assigned to the rule violation.

Table 27: Meaning of rule evaluation icons
Icon Meaning

Employees pending a rule violation decision.

Employees granted exception approval for their rule violation.

Employees not granted exception approval for their rule violation.

Which rules are violated by a specific employee?

To view which rules the employee violates

  1. In the Manager, select the Employees > Employees category.

  2. Select an employee in the result list.

  3. Select the Rule evaluation report.

    This not only shows the rule that the employee has violated with or without exception, but also those with no violations.

Table 28: Meaning of icons in employee rule analysis
Icon Meaning

The rule is not violated.

The rule is violated. No exception approval has been granted for this rule exception.

The rule is violated. No exception approval has been granted for this rule exception.

Reports about rule violations

One Identity Manager makes various reports available containing information about the selected base object and its relations to other One Identity Manager database objects. You can generate the following reports for all active rules, rule groups, and compliance frameworks.

NOTE: Other sections may be available depending on the which modules are installed.

Table 29: Reports about rule violations
Report Description

Overview of all assignments

(of a rule)

This report shows all employees that violate the selected rule. The report shows which roles of a role class the employee belongs to. Employees that are not members of any role are not taken into account.

Rule violations overview

(of a rule)

This report groups together all rule violations for the selected rule. All employees are listed that have objects that violation the rule. The result list is grouped by:

  • Employees pending a rule violation decision.

  • Employees without exception approval.

  • Employees with exception approval.

Show historical rule violations

(of a rule)

This report groups together all historical rule violations for the selected rule. All employees are listed that violate the rule as well as the time period covering the rule violation.

Rule violations overview

(of a rule group)

This report groups together all rule violations for the selected rule group. All rule violations are listed. The number of granted, denied, and not yet processed rule violations are given in addition.

Rule violations overview

(of a compliance framework)

This report groups together all rule violations for the selected compliance framework. All rule violations are listed. The number of granted, denied, and not yet processed rule violations are given in addition.

Detailed list of rule violations

(of a compliance framework)

This report groups together all rule violations for the selected compliance framework. All rule violations are listed. For each rule, the employee that violated the rule, the date and the reason for the approval decision are given.

Related topics

Overview of all assignments

The Overview of all assignments report is displayed for some objects, such as authorizations, compliance rules, or roles. The report finds all the roles, for example, departments, cost centers, locations, business roles, and IT Shop structures in which there are employees who own the selected base object. In this case, direct as well as indirect base object assignments are included.

Examples:
  • If the report is created for a resource, all roles are determined in which there are employees with this resource.

  • If the report is created for a group or another system entitlement, all roles are determined in which there are employees with this group or system entitlement.

  • If the report is created for a compliance rule, all roles are determined in which there are employees who violate this compliance rule.

  • If the report is created for a department, all roles are determined in which employees of the selected department are also members.

  • If the report is created for a business role, all roles are determined in which employees of the selected business role are also members.

To display detailed information about assignments

  • To display the report, select the base object from the navigation or the result list and select the Overview of all assignments report.

  • Click the Used by button in the report toolbar to select the role class for which you want to determine whether roles exist that contain employees with the selected base object.

    All the roles of the selected role class are shown. The color coding of elements identifies the role in which there are employees with the selected base object. The meaning of the report control elements is explained in a separate legend. To access the legend, click the icon in the report's toolbar.

  • Double-click a control to show all child roles belonging to the selected role.

  • By clicking the button in a role's control, you display all employees in the role with the base object.

  • Use the small arrow next to to start a wizard that allows you to bookmark this list of employees for tracking. This creates a new business role to which the employees are assigned.

Figure 9: Toolbar of the Overview of all assignments report.

Table 30: Meaning of icons in the report toolbar

Icon

Meaning

Show the legend with the meaning of the report control elements

Saves the current report view as a graphic.

Selects the role class used to generate the report.

Displays all roles or only the affected roles.

관련 문서

The document was helpful.

평가 결과 선택

I easily found the information I needed.

평가 결과 선택