Company policy attestors
NOTE: This function is only available if the Attestation Module is installed.
Employees who can act as attestors in attestation procedures can be assigned to company policies. To do this, assign the company policies to application roles for attestors. Then assign the employees who are authorized to attest company policies to this application role. For more information about attestation, see the One Identity Manager Attestation Administration Guide.
A default application role for attestors is available in One Identity Manager. You may create other application roles as required. For more information about application roles, see the One Identity Manager Authorization and Authentication Guide.
Table 4: Default application roles for attestors
Company policy attestors | Attestors must be assigned to the Identity & Access Governance | Company policies | Attestors application role.
Users with this application role:
NOTE: This application role is available if the Attestation Module is installed. |
To add employees to default application roles for attestors
- In the Manager, select the Company Policies > Basic configuration data > Attestors category.
- Select the Assign employees task.
- In the Add assignments pane, add employees.
  TIP: In the Remove assignments pane, you can remove assigned employees.
  To remove an assignment
- Save the changes.
Policy supervisors for company policies
Employees who are responsible for the contents of company policies can be assigned to these company policies. To do this, assign an application role for policy supervisors to a company policy on the main data form.
A default application role for policy supervisors is available in One Identity Manager. You may create other application roles as required. For more information about application roles, see the One Identity Manager Authorization and Authentication Guide.
Table 5: Default application role for rule supervisors
Policy supervisors | Policy supervisors must be assigned to the Identity & Access Governance | Company policies | Policy supervisors application role or another child application role.
Users with this application role:
- Are responsible for the contents of company policies.
- Edit working copies of company policies.
- Enable and disable company policies.
- Can calculate policies and view policy violations if required.
- Assign mitigating controls. |
To add employees to the default application role for rule supervisors
- In the Manager, select the Company Policies > Basic configuration data > Policy supervisors category.
- Select the Assign employees task.
- In the Add assignments pane, add employees.
  TIP: In the Remove assignments pane, you can remove assigned employees.
  To remove an assignment
- Save the changes.
Exception approvers for policy violations
Employees who can issue exception approvals for policy violations can be assigned to company policies. To do this, assign an application role for exception approvers to a company policy on the main data form.
A default application role for exception approvers is available in One Identity Manager. You may create other application roles as required. For more information about application roles, see the One Identity Manager Authorization and Authentication Guide.
Table 6: Default application role for exception approvers
Exception approvers | Exception approvers must be assigned to the Identity & Access Governance | Company policies | Exception approvers application role or a child application role.
Users with this application role: |
To add employees to default application roles for exception approvers
- In the Manager, select the Company Policies > Basic configuration data > Exception approvers category.
- Select the Assign employees task.
- In the Add assignments pane, add employees.
  TIP: In the Remove assignments pane, you can remove assigned employees.
  To remove an assignment
- Save the changes.
Standard reasons for policy violations
For exception approvals, you can specify reasons in the Web Portal that explain the individual approval decisions. You can freely formulate this text. You also have the option to predefine reasons. The exception approvers can select a suitable text from these standard reasons in the Web Portal and store it with the policy violation.
To create or edit standard reasons
- In the Manager, select the Company Policies > Basic configuration data > Standard reasons category.
- Select a standard reason in the result list and run the Change main data task.
  - OR -
  Click in the result list.
- Edit the main data of a standard reason.
- Save the changes.
Enter the following properties for the standard reason.
Table 7: General main data of a standard reason
Standard reason | Reason text as displayed in the Web Portal. |
Description | Text field for additional explanation. |
Automatic Approval | Specifies whether the reason text is only used for automatic approvals by One Identity Manager for policy violations. This standard reason cannot be selected by exception approvals in the Web Portal. Do not set the option if you want to select the standard reason in the Web Portal. |
Additional text required | Specifies whether an additional reason should be entered in free text for the exception approval. |
Usage type | Usage type of standard reason. Assign one or more usage types to allow filtering of the standard reasons in the Web Portal. |