Identity Manager 8.0 - Company Policies Administration Guide

Setting Up and Editing Company Policies

A working copy is added for every company policy. Edit the working copies to create company policies and change them. Changes to the company policy do not take effect until the working copy is enabled.

NOTE: One Identity Manager users with the application role Identity & Access Governance | Identity Audit | Policy supervisors can edit existing working copies for which they are entered as responsible in the master data.

To create a new company policy

  1. Select the category Company Policies | Policies.
  2. Click in the result list toolbar.

  3. Enter the company policy's master data.
  4. Save the changes.

    This adds a working copy.

  5. Select Enable working copy from the task view. Confirm the security prompt with OK.

    An active company policy is added. The working copy is retained and can be used to make changes later.

To edit an existing company policy

  1. Select the category Company Policies | Policies.
    1. Select the company policy in the result list.
    2. Select Create copy in the task view.

      The data from the existing working copy are overwritten by the data from the original company policy after a security prompt. The working copy is opened and can be edited.

    - OR -

    Select the category Company policies | Policies | Working copies of policies.

    1. Select the working copy in the result list.
    2. Select Change master data in the task view.
  2. Edit the working copy's master data.
  3. Save the changes.
  4. Select Enable working copy from the task view. Confirm the security prompt with OK.

    Changes to the working copy are transferred to the company policy. This can reenable a disabled company policy if required.

General Master Data for Company Policies

Enter the following data for a company policy.

Table 11: General Master Data for Company Policies

| Property | Description |
|---|---|
| Policy | Name of the company policy. |
| Description | Spare text box for additional explanation. |
| Main version number | Current state of the company policy as a version number. The version number is incremented in One Identity Manager's default installation each time you make a change to the condition. |
| Working copy | Specifies whether this is a working copy of the company policy. |
| Disabled | Specifies whether the company policy is disabled or not. Only company policies that are enabled are included in policy checking. Use the tasks Enable policy or Disable policy to enable or disable a company policy. The working copy of a company policy is always disabled. |
| Policy group | Policy group to which the company policy belongs, based on its content. Select a policy group from the menu. To create a new policy group, click . Enter a name and description for the policy group. |
| Manager / supervisors | Application role whose members are responsible for the company policy, in terms of content. To create a new application role, click . Enter the application role name and assign a parent application role. |
| Exception approval allowed | Specifies whether exception approval is permitted when the policy is violated. With this option, assignments that cause the policy to be violated can be approved and issued anyway. |
| Exception approver | Application role whose members are entitled to grant exception approval for violations of this company policy. To create a new application role, click . Enter the application role name and assign a parent application role. |
| Exception approvers info | Information that the exception approver may require for making a decision. This advice should describe the risks and side effects of an exception. |
| Attestors | Application role whose members are authorized to approve attestation cases for company policies and policy violations. To create a new application role, click . Enter the application role name and assign a parent application role. |
| Without condition | Specifies whether the company policy has a direct relationship to the One Identity Manager data model or not. If this option is set, the button Edit condition... is disabled. If the option is not set, a condition must be entered that finds all the objects that violate the policy. |
| Base table | Base table referenced by the company policy. Based on this table, the system determines which objects violate the company policy. |
| Edit condition... | Starts the WHERE clause wizard. Use the WHERE clause wizard to set up a condition that finds all the objects in the base table that violate the company policy. Use the Expert view button to enter the condition directly in SQL syntax. |
| Condition | Data query that finds all the objects that violate the company policy. This option is only available if the task Show condition has been run beforehand. |

Related Topics
  • One Identity Manager User Guide for One Identity Manager Tools User Interface and Default Functions
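
The following added example (not code from One Identity Manager or this guide) models how a violation condition on a base table behaves and why an edited working copy has no effect on policy checking until it is enabled. The `account` table, its columns, the policy records and all function names are assumptions constructed for illustration; they are not the product's schema or API.

```python
import sqlite3

ALLOWED_BASE_TABLES = {"account"}  # hypothetical allowlist of base tables

def build_db():
    """Constructed sample data; 'account' is a hypothetical base table."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE account (id INTEGER PRIMARY KEY, owner TEXT,
                              is_privileged INTEGER, last_login_days INTEGER);
        INSERT INTO account VALUES (1, 'alice', 1, 12), (2, NULL, 1, 3),
            (3, 'bob', 0, 400), (4, NULL, 0, 7), (5, 'carol', 1, 200);
    """)
    return db

def make_policies():
    """Hypothetical records modelled on the master data fields described above."""
    return [
        {"policy": "Privileged accounts need an owner", "base_table": "account",
         "condition": "is_privileged = 1 AND owner IS NULL",
         "working_copy": False, "disabled": False},
        {"policy": "No stale privileged accounts", "base_table": "account",
         "condition": "is_privileged = 1 AND last_login_days > 90",
         "working_copy": False, "disabled": False},
        # Edited working copy: a stricter condition that is not in effect yet.
        {"policy": "No stale privileged accounts", "base_table": "account",
         "condition": "is_privileged = 1 AND last_login_days > 10",
         "working_copy": True, "disabled": True},
    ]

def check_policies(db, policies):
    """Return {policy name: ids of base-table rows matching the violation condition}."""
    results = {}
    for p in policies:
        if p["disabled"]:  # working copies are always disabled, so they are skipped
            continue
        if p["base_table"] not in ALLOWED_BASE_TABLES:
            raise ValueError(f"unknown base table: {p['base_table']}")
        # The condition is SQL text written by the policy editor and runs as-is.
        sql = f"SELECT id FROM {p['base_table']} WHERE {p['condition']} ORDER BY id"
        results[p["policy"]] = [row[0] for row in db.execute(sql)]
    return results

def enable_working_copy(policies, name):
    """Transfer the working copy's data to the active policy and enable it."""
    copy = next(p for p in policies if p["policy"] == name and p["working_copy"])
    active = next(p for p in policies if p["policy"] == name and not p["working_copy"])
    active.update(condition=copy["condition"], base_table=copy["base_table"],
                  disabled=False)
```

The condition selects the objects that violate the policy, not the compliant ones, so an empty result means no violations were found.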

Risk Assessment

Table 12: Configuration Parameter for Risk Assessment
| Configuration parameter | Active Meaning |
|---|---|
| QER\CalculateRiskIndex | Preprocessor relevant configuration parameter controlling system components for calculating an employee's risk index. Changes to the parameter require recompiling the database. If the parameter is set, values can be entered and calculated for the risk index. |

You can use One Identity Manager to evaluate the risk of policy violations. To do this, enter a risk index for the company policy. The risk index specifies the risk involved for the company if the company policy is violated. The risk index is given as a number in the range 0-1. By doing this you specify whether a policy violation is not considered a risk for the company (risk index = 0) or whether every policy violation poses a problem (risk index = 1).

You can use the Report Editor to assess policy violations depending on the risk index by creating various reports.

To assess the risk of a policy violation, enter values for grading company policies on the Assessment criteria tab.

Table 13: Assessment Criteria for a Rule
| Property | Description |
|---|---|
| Severity level | Specifies the impact on the company of violations of this company policy. Use the slider to enter a value between 0 and 1. 0 ... no impact; 1 ... every policy violation is a problem. |
| Significance | Provides a verbal description of the impact on the company of violations of this company policy. In the default installation, a value list is displayed with the entries {NONE, ‘low’, ‘average’, ‘high’, ‘critical’}. |
| Risk index | Specifies the risk for the company of violations of this company policy. Use the slider to enter a value between 0 and 1. 0 ... no risk; 1 ... every rule violation is a problem. This property is only visible when the configuration parameter QER\CalculateRiskIndex is set. |
| Risk index (reduced) | Shows the risk index taking mitigating controls into account. The risk index for a company policy is reduced by the significance reduction value for all assigned mitigating controls. The risk index (reduced) is calculated for the original company policy. To copy the value to a working copy, run the task Create working copy. This property is only visible when the configuration parameter QER\CalculateRiskIndex is set. The value is calculated by One Identity Manager and cannot be edited. |
| Transparency index | Specifies how traceable assignments are that are checked by this company policy. Use the slider to enter a value between 0 and 1. 0 ... no transparency; 1 ... full transparency. |
| Max. number of rule violations | Number of policy violations allowed for this company policy. |

Detailed information about this topic
  • Mitigating Controls
  • One Identity Manager Risk Assessment Administration Guide
  • Report Editor in the One Identity Manager Configuration Guide
Extended Company Policy Data

You can enter additional comments about the company policy and revision data on the Extended tab.

Table 14: General Master Data for Company Policies
| Property | Description |
|---|---|
| Policy number | Additional identifier for the company policy. |
| Implementation notes | Spare text box for additional explanation. You can use implementation notes to enter explanations about the content of the policy condition, for example. |
| Status | Status of the company policy with respect to its audit status. |
| Calculation schedule | Schedule for starting policy checks on a regular basis. The schedule "default schedule policies" is assigned by default. You can assign your own schedule. |
