Chat now with support
Chat with Support

Identity Manager 8.0 - Application Roles Administration Guide

Auditors

NOTE: This application role is available if Attestation Module, Compliance Rules Module or Company Policies Module is installed.

Auditors are assigned to the application role Identity & Access Governance | Auditors.

Users with this application role:

  • See the Web Portal all the relevant data for an audit.

Application Roles for Identity Audit

NOTE: This application role is available if the Compliance Rules Module is installed.

The following application roles are available for managing compliance rule:

Table 2: Application Roles
Application Role Description

Administrators

Administrators must be assigned to the application role Identity & Access Governance | Identity Audit | Administrators.

Users with this application role:

  • Enter base data for for setting up company policies.
  • Create compliance rules and assign rule supervisors to them.
  • Can start rule checking and view rule violations as required.
  • Create reports about rule violations.
  • Enter mitigating controls.
  • Create and edit risk index functions.
  • Monitor Identity Audit functions.
  • Administer application roles for rule supervisors, exception approvers and attestors.
  • Set up other application roles as required.

Rule supervisors

 

Rule supervisors must be assigned to the application role Identity & Access Governance | Identity Audit | Rule supervisors or to a child role.

Users with this application role:

  • Are responsible for compliance rule content, for example, an auditor or a auditing department.
  • Edit the compliance rule working copies, which are assigned to the application role.
  • Enable and disable compliance rules.
  • Can start rule checking and view rule violations as required.
  • Assign mitigating controls.

Exception approver

 

Administrators must be assigned to the application role Identity & Access Governance | Identity Audit | Exception approvers or to a child role.

Users with this application role:

  • Edit rule violations in the Web Portal.
  • Can grant exception approval or revoke it in the Web Portal.

Attestors

 

Attestors must be assigned to the application role Identity & Access Governance | Identity Audit | Attestors.

Users with this application role:

  • Attest compliance rules and exception approvals in the Web Portal for which they are responsible.
  • Can view master data for these compliance rules but not edit them.

Note: This application role is available if the module Attestation Module is installed.

Maintain SAP Functions

Administrators must be assigned to the application role Identity & Access Governance | Identity Audit | Maintain SAP functions or to a child role.

Users with this application role:

  • Are responsible for SAP function contents.
  • Edit working copies of function definitions for which they are responsible.
  • Define function instances and variables sets for SAP functions.
  • Assign mitigating controls.

Note: This application role is available if the module SAP R/3 Compliance Add-on Module is installed.

Application Roles for Company Policies

NOTE: This application role is available if the Company Policies Module is installed.

The following application roles are available for managing company policies:

Table 3: Application Roles
Application Role Description

Administrators

 

Administrators must be assigned to the application role Identity & Access Governance | Company policies | Administrators.

Users with this application role:

  • Enter base data for for setting up company policies.
  • Set up policies and assign policy supervisors to them.
  • Can calculation policies and view policy violations if required.
  • Set up reports about policy violations.
  • Enter mitigating controls.
  • Create and edit risk index functions.
  • Administer application roles for policy supervisors, exception approvers and attestors.
  • Set up other application roles as required.

Policy supervisors

 

Policy supervisors must be assigned to the application role Identity & Access Governance | Company policies | Policy supervisors or another child application role.

Users with this application role:

  • Are responsible for the contents of company policies.
  • Edit working copies of company policies.
  • Enable and disable company policies.
  • Can calculation policies and view policy violations if required.
  • Assign mitigating controls.

Exception approver

 

Users with this application role:

Exception approvers must be assigned to the application role Identity & Access Governance | Company policies | Exception approvers or to a child role.

Users with this application role:

  • Edit policy violations.
  • Can grant exception approval or revoke it.

Attestors

 

Attestors must be assigned to the application role Identity & Access Governance | Company policies | Attestors.

Users with this application role:

  • Attest company policies and exception approvals in the Web Portal for which they are responsible.
  • Can view the master data for these company policies but not edit them.

Note: This application role is available if the module Attestation Module is installed.

Application Roles for Attestation

Note: This application role is available if the module Attestation Module is installed.

The following application role is available for managing attestation procedures:

Table 4: Application Roles
Application Role Description

Administrators

 

Administrators are assigned to the application roles Identity & Access Governance | Attestation | Administrators.

Users with this application role:

  • Define attestation procedures and attestation policies.
  • Create approval policies and approval workflows.
  • Specify which approval procedure to use to find attestors.
  • Set up attestation case notifications.
  • Configure attestation schedules.
  • Enter mitigating controls.
  • Create and edit risk index functions.
  • Monitor attestation cases.
Chief approval team

The chief approver must be assigned to the application role Identity & Access Governance| Attestation | Chief approval team.

Users with this application role:

  • Approve using attestation cases.
  • Assign attestation cases to other attestors.

NOTE: Attestors in charge are determined through approval procedures. Other application roles may be applied here. Application roles for attestors are defined in different module and are available if the Attestation Module is installed.
Related Documents