Chat now with support
Chat with Support

Identity Manager 8.1.5 - Web Portal User Guide

Getting started Security keys (WebAuthn) Requests Attestation Compliance Responsibilities
My responsibilities
Employees System entitlements Business roles System roles Departments Cost centers Locations Application roles Resources Assignment resources Multi-request resources Multi-requestable/unsubscribable resources Software Devices Adding tags for service items
Task delegation Ownerships Auditing Governance administration
Applications Calls Settings Discovering your statistics on the start page

Resolving rule violations

As exception approver, you can edit violations of rule under your supervision. Rule violations are caused by permissions, so you have the option to remove permissions when you want to resolve one.

You can cancel the resolving process early because it is possible that you have removed other permissions whle removing the violating permissions.

Permission assignments play and important role when editing rule violations. For example, permissions assigned through a dynamic role cannot be removed.

The following consequences may result from removing permissions:

Table 41: Removing assigned permissions

Assignment Method

Removing the Entitlement

Direct assignment

Direct assignment is deleted when the entitlement is removed.

Inherited assignment

The option to withdraw role membership from the employee is offered in the case of inherited permissions.

Dynamic assignment

Permissions cannot be removed if membership is through a dynamic role.

Assignment over IT Shop request

If permissions were assigned through a request, the request is canceled on removal.

Primary Assignment

The option to withdraw primary membership from the employee is offered in the case of permissions assigned through primary assignment.

To resolve a rule violation

  1. Mark the rule violation and click Resolve.

    This opens the wizard "Resolve a rule violation", listing the permissions that led to the violation.

  2. Mark the rule violation you want to remove from the employee in tResolve a rule violation and click Next.

    The objects is displayed with the permissions origin in Verify. The consequences of removing the permissions is displayed in Action.

  3. Check whether you really want to delete the permissions and click Next.

    A message is displayed in Loss of entitlement and the permissions are listed that are affected by removal.

  4. Perform one of the following tasks.
    1. To cancel the resolution of rule violations, choose Cancel or Back.

      All the employee's permissions remain intact.

    2. To continue with the resolution of the rule violation, choose Continue.

      All permissions that were displayed for resolving the rule violation are withdrawn from the employee.

Rule violation history

You can view exception approvals that you have dealt with in the Rule Violation History menu.

To view the history of your exception decisions

  1. Open Rule Violation History for rule exceptions.

  2. Use the filter function in the Approval state column and set the option Exception granted or Exception denied.

    Only historical rule or policy violations of the selected type are displayed. For more information, see Filter.

  3. Select the rule or policy violation in the list.

    You can view more information in the detailed content view.

Detailed information about this topic

Pending policy violations

Some policy violations can be approved as exceptions. You can see violations under your supervision in Pending Policy Violations. The following information is displayed in the corresponding menu.

Table 42: Managing rule and policy violations

Display

Description

Violating object

Object, which caused the violation.

Policy

Violated policy.

Status

The status of the approval. Following states are possible.

  • Open
  • Exception granted
  • Exception denied

Approver

Employee who has denied or granted exception approval.

Approval date

Date of the approval decision.

Risk index (calculated)

Shows the calculated risk index.

Risk index (reduced)

Shows the risk index reduced by the mitigating control.

Reason

Shows the manually entered reason added with the exception approval.

Standard reason

Displays a standard reason if one exist and this option was selected.

Valid until

The exception is only valid until this date.

If you are an auditor or an approver, you can obtain more information about exception approvals from Auditing. For more information, see Rule violations..

Some functions have already been described in the menu Pending rule violations. You can find all the functions available in this menu listed under "Detailed information about this topic".

To open the "Pending Policy Violations" menu

  • Open Compliance | My Actions and click Pending Policy Violations.
Detailed information about this topic

Policy violations

To view the history of your exception decisions

  1. Open Policy Violation History for policy exceptions.

  2. Use the filter function in the Status column and set the option Exception granted or Exception denied.

    This limits the list of historical policy violations displayed to the selected option. For more information, see Filter.

  3. Select a policy violation from the list.

    You can view more information in the detailed content view.

Detailed information about this topic
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating