As exception approver, you can grant or deny exception approval to rule violations.
To make an approval decision about a rule violation
-
In the menu bar, click Compliance > My Actions.
-
On the My Actions page, click Pending Rule Violations.
-
On the Pending Rule Violations page, perform one of the following actions:
-
To grant an exception for a rule violation, click 
(Grant exception).
-
To deny an exception for a rule violation, click 
(Deny exception).
-
(Optional) To set an approval deadline, perform the following actions:
-
In the list, click the role violation for which you want to set an approval deadline.
-
In the details pane, enter the Valid until date.
-
Click Next.
-
(Optional) On the Exception Approvals page, perform the following actions:
TIP: By giving reasons, your approvals are more transparent and support the audit trail.
NOTE: For more detailed information about standard reasons, see the One Identity Manager Compliance Rules Administration Guide.
-
Click Save.
Related topics
You can resolve compliance rule violations that you manage. Rule violations are caused by permissions, so you have the option to remove permissions when you want to resolve one.
Permission assignments play and important role when editing rule violations. For example, permissions assigned through a dynamic role cannot be removed.
The following consequences may result from removing permissions:
Table 22: Removing assigned permissions
|
Direct assignment |
Direct assignment is deleted when the entitlement is removed. |
|
Inherited assignment |
In the case of inherited permissions, there is an option provided to withdraw role membership from the identity. |
|
Dynamic assignment |
Permissions assigned through a dynamic role cannot be removed. |
|
Assignment by request |
If permissions were assigned through a request, the request ends if the permissions are removed. |
|
Primary assignment |
If permissions were assigned through a primary membership, the identity of the primary membership can be optionally revoked if the permissions are removed. |
To resolve a rule violation
-
In the menu bar, click Compliance > My Actions.
-
On the My Actions page, click Pending Rule Violations.
-
On the Pending rule violations page, click the rule violation you would like to resolve.
-
In the details pane, click Resolve.
This opens the Resolve a rule violation dialog and with more details about the rule violation and the permissions that lead to the rule violation.
-
Select the check box next to the permission that you want to be revoked.
-
Click Next.
-
In the Verify step, check the changes to be made.
TIP: The Action column show the consequences of revoking.
-
Click Next.
-
In the Loss of entitlements step, check which permissions are to be revoked to avoid losing permissions accidentally.
-
Click Next.
All permissions that were displayed for resolving the rule violation are withdrawn from the identity.
Related topics
To monitor your approval decisions about rule violations, you can see the approval decisions.
To display the rule violations history
-
In the menu bar, click Compliance > My Actions.
-
On the My Actions page, click Rule Violation History.
This opens the Rule Violation History page (see Rule Violation History (page description)).
Related topics
Policies that are violated generate policy violations. Policy violations may be approved as an exception. Policy violations that you can approve are displayed on the Pending Policy Violations page (see Pending policy violations (page description)).
Detailed information about this topic
