Enter the following data for a company policy.
Table 9: General main data of company policies
|
Policy |
Name of the company policy. |
|
Description |
Text field for additional explanation. |
|
Main version number |
Current state of the company policy as a version number. The version number is incremented in One Identity Manager's default installation each time you make a change to the condition. |
|
Working copy |
Specifies whether this is a working copy of the company policy. |
|
Deactivated |
Specifies whether the company policy is disabled or not.
Only company policies that are enabled are included in policy checking. Use the Enable policy or Disable policy tasks to enable or disable a company policy. The working copy company policy is always disabled. |
|
Policy group |
Policy group to which the company policy belongs, based on its content. Select a policy group from the menu. To create a new policy group, click  . Enter a name and description for the policy group. |
|
Policy supervisors |
Application role whose members are responsible for the company policy, in terms of content.
To create a new application role, click . Enter the application role name and assign a parent application role. |
|
Exception approval allowed |
Specifies whether exception approval is permitted when the policy is violated. Assignments that cause the policy to be violated can be approved and issued anyway with this. |
|
Exception approvers |
Application role, whose members are entitled to grant exception approval for violations to this company policy.
To create a new application role, click . Enter the application role name and assign a parent application role. |
|
Mail template new violation |
Mail template used to generate an email to inform rule supervisors or exception approvers about new policy violations. |
|
Exception approvers info |
Information, which the exception approver may require for making a decision. This advice should describe the risks and side effects of an exception. |
|
Attestors |
Applications role whose members are authorized to approve attestation cases for company policies and policy violations.
To create a new application role, click . Enter the application role name and assign a parent application role. |
|
Without condition |
Specifies whether the company policy a direct relationship to the One Identity Manager data model or not. If this option is set, the Edit condition... button is disabled.
If the option is not set, a condition must be entered that finds all the objects that violate the policy. |
|
Base table |
Base table referenced by the company policy.
Based on this table, the system determines which objects violate the company policy. |
|
Edit connection... |
Starts the WHERE clause wizard. Use the WHERE clause wizard to set up a condition that finds all the objects in the base table that violate the company policy. Use the Expert view button to enter the condition in SQL syntax straight away. |
|
Condition |
Data query that finds all the objects that violate the company policy. This option is only available if the Show condition task has been run beforehand. |
Detailed information about this topic
Related topics
For more information about risk assessment, see the One Identity Manager Risk Assessment Administration Guide.
You can use One Identity Manager to evaluate the risk of policy violations. To do this, enter a risk index for the company policy. The risk index specifies the risk involved for the company if the company policy is violated. The risk index is given as a number in the range 0 ... 1. By doing this you specify whether a policy violation is not considered a risk for the company (risk index = 0) or whether every policy violation poses a problem (risk index = 1).
You can use the Report Editor to assess policy violations depending on the risk index by creating various reports. For more information about creating reports, see the One Identity Manager Configuration Guide.
To assess the risk of a policy violation enter values for grading company policies on the Assessment criteria tab.
Table 10: Assessment criteria for a rule
|
Severity code |
Specifies the impact on the company of violations to this company policy. Use the slider to enter a value between 0 and 1.
0 ... No impact
1 ... Every rule violation is a problem. |
|
Significance |
Provides a verbal description of the impact on the company of violations to this company policy. In the default installation, the values low, average, high, and critical are listed. |
|
Risk index |
Specifies the risk for the company of violations to this company policy. Use the slider to enter a value between 0 and 1.
0... no risk
1... Every rule violation is a problem.
This field is only visible if the QER | CalculateRiskIndex configuration parameter is set. |
|
Risk index (reduced) |
Show the risk index taking mitigating controls into account. The risk index for a company policy is reduced by the significance reduction value for all assigned mitigating controls. The risk index (reduced) is calculated for the original company policy. To copy the value to a working copy, run the task Create working copy.
This field is only visible if the QER | CalculateRiskIndex configuration parameter is set. The value is calculated by One Identity Manager and cannot be edited. |
|
Transparency index |
Specifies how traceable assignments are that are checked by this company policy. Use the slider to enter a value between 0 and 1.
0... no transparency
1... full transparency |
|
Max. number of rule violations |
Number of policy violations allowed for this company policy. |
Detailed information about this topic
Related topics
You can enter additional comments about the company policy and revision data on the Extended tab.
Table 11: General main data of company policies
|
Policy number |
Additional identifier for the company policy. |
|
Implementation notes |
Text field for additional explanation. You can use implementation notes to enter explanations about the content of the policy condition, for example. |
|
Status |
Status of the company policy with respect to its audit status. |
|
Schedule |
Schedule for starting policy checks on a regular basis.
By default, the Policy Check schedule is assigned but you can assign your own schedule. |
Related topics
You can compare the results of a working copy with the original company policy. Company policies can only be compared when an original of the working copy exists.
TIP: All working copies with a different condition to that of the original company policy are displayed in the Company policies > Policies > Working copies of policies > Modified working copies category.
To compare a company policy with the working copy
-
In the Manager, select the Company policies > Policies > Working copies of policies category.
-
Select the working copy in the result list.
-
Select the Change main data task.
-
Select the Compare policy task.
The comparison values are then displayed on the Policy comparison tab.
Table 12: Results of a policy comparison
|
Newly added |
would violate the policy for the first time |
|
Identical |
would still violate the policy |
|
No longer included |
would no longer violate the policy |
To display the policy comparison as report
- Select the Show rule comparison report.
Related topics
