Identity Manager 8.0 - Compliance Rules Administration Guide

Compliance Rules and Identity Audit

Extended Rule Input

You can enter additional comments about the rule and revision data on the Extended tab.

Table 17: Extended Master Data for a Rule

| Property | Description |
|---|---|
| Rule number | Additional name for the rule. |
| Implementation notes | Spare text box for additional explanation. You can use implementation notes to enter explanations about the content of the rule condition, for example. |
| Test schedule | Schedule for starting rule checks on a regular basis. The schedule "default schedule compliance rule check" is assigned by default. You can assign your own schedule. |
| Fill schedule | Schedule, which starts recalculation of the auxiliary tables for rule checking. The schedule "default schedule compliance rule fill" is assigned by default. You can assign your own schedule. |
| Status | Rule status with respect to its audit status. |
| Auditor | Person that audited the rule the last time. |
| Date of Audit | Date of last rule audit. |
| Audit remarks | Remarks referring to the audit, for example, results that might be important for the next audit. |

Rule Comparison

You can compare the results of a working copy with the original rule. The comparison values are then displayed on the Rule comparison tab on the master data form.

Table 18: Results of a Rule Comparison

| Rule violations | Lists all employees for whom the rule, due to the change, is |
|---|---|
| Newly added | violated for the first time |
| Identical | still being violated |
| No longer included | no longer violated |

TIP: All working copies with a different condition to that of the original rule are displayed in Identity audit | Rules | Working copies of rules | Modified working copies.

IT Shop Properties for a Rule

Table 19: Configuration Parameter for IT Shop Relevant Properties

| Configuration Parameter | Meaning if Set |
|---|---|
| QER\ComplianceCheck\EnableITSettingsForRule | IT Shop properties for the compliance rule are visible and can be edited. |

You can integrate checking of requests for rule compliance into approval workflows in IT Shop. On the IT Shop properties tab, specify how violations of this rule should be handled within an approval process for IT Shop requests.

NOTE: This tab is only shown when the rule condition is created in the simplified version. For more information, see Creating Rule Conditions.

To enter IT Shop properties for a rule

  1. Set the configuration parameter "QER\ComplianceCheck\EnableITSettingsForRule" in the Designer.
  2. Enable the option Rule for cyclical testing and risk analysis on the rule's master data form on the General tab in the IT Shop.
  3. Select the tab IT Shop properties.
  4. Edit the master data.
  5. Save the changes.

Table 20: IT Shop Properties

| Property | Description |
|---|---|
| Identifying a Rule Violation | Specify which rule violations are logged. For the permitted values, see Table 21. |
| Explicit Exception Approval | Specifies whether exception approvals are presented again or whether existing exception approvals should be reused. For the permitted values, see Table 22. |

Table 21: Permitted Value

| Value | Description |
|---|---|
| New rule violation due to a request | Only rule violations that are added through approval of the current request are logged. |
| Unapproved exception | Rule violations that are added through approval of the current request are logged. Already known rule violations that have not yet been granted an exception are also logged. |
| Any compliance violation | All rule violations are logged, independent of whether an exception approval has already been granted or not. This value is automatically set when the option Explicit exception approval is enabled. |

Table 22: Permitted Value

| Option is | Description |
|---|---|
| Enabled | A known rule violation must always be presented for exception approval, even if there is an exception approval from a previous violation of the rule. |
| Disabled | A known rule violation is not presented again for exception approval, if there is an exception approval from a previous violation of the rule. This exception approval is reused and the known rule violation is automatically granted exception. |
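
The following sketch is an added illustration, not One Identity Manager code: it models how the Identifying a Rule Violation value and the Explicit Exception Approval option combine for the violations found on one request. The class names, function names and the sample data are hypothetical, and the model assumes each violation is described by two flags only.

```python
# Added illustration: a model of the settings in Tables 21 and 22,
# not One Identity Manager code. All names below are hypothetical.
from dataclasses import dataclass
from enum import Enum

class Identify(Enum):
    NEW_BY_REQUEST = "New rule violation due to a request"
    UNAPPROVED_EXCEPTION = "Unapproved exception"
    ANY_VIOLATION = "Any compliance violation"

@dataclass(frozen=True)
class Violation:
    rule: str
    added_by_request: bool  # caused by approving the current request
    has_exception: bool     # exception approval exists from a previous violation

def effective_mode(mode, explicit_approval):
    # Table 21: enabling explicit exception approval sets "Any compliance violation".
    return Identify.ANY_VIOLATION if explicit_approval else mode

def is_logged(v, mode):
    if mode is Identify.NEW_BY_REQUEST:
        return v.added_by_request
    if mode is Identify.UNAPPROVED_EXCEPTION:
        return v.added_by_request or not v.has_exception
    return True  # ANY_VIOLATION: logged whether or not an exception exists

def evaluate(violations, mode, explicit_approval):
    """Return {rule: outcome} for the violations logged under these settings."""
    mode = effective_mode(mode, explicit_approval)
    outcome = {}
    for v in violations:
        if not is_logged(v, mode):
            continue
        # Table 22: a previous exception approval is reused only when the option is disabled.
        reuse = v.has_exception and not explicit_approval
        outcome[v.rule] = "exception reused" if reuse else "needs exception approval"
    return outcome

# Constructed sample: one request, three rule violations.
SAMPLE = [
    Violation("R1", added_by_request=True, has_exception=False),
    Violation("R2", added_by_request=False, has_exception=False),
    Violation("R3", added_by_request=False, has_exception=True),
]

if __name__ == "__main__":
    for m in Identify:
        print(m.value, evaluate(SAMPLE, m, explicit_approval=False))
```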

Additional Tasks for Working Copies

After you have entered the master data, you can apply different tasks to it. The task view contains different forms with which you can run the following tasks.

