Compliance Rules and Identity Audit
One Identity Manager Users for the Identity Audit
Base Data for Setting up Rules
Mitigating Controls
Rule groups
Compliance Frameworks
Schedules for Checking Rules
Extended Properties and Property Groups
Functional Areas
Attestors
Rule Supervisors
Exception Approvers
Standard Reasons
Setting up a Rule Base
Creating Rules
Rule check
Setting Up a Rule
Risk Assessment
Extended Rule Input
Rule Comparison
IT Shop Properties for a Rule
Additional Tasks for Working Copies
Creating Rule Conditions
Overview of Working Copies
Assigning Compliance Frameworks
Mitigating Controls
Enabling Working Copies
Recalculate
Copy Rule
Comparing a Rule Working Copy with the Original
Maintain Exception Approver
Maintain Rule Supervisors
Enable SQL Definition
Additional Tasks for Rules
Basics for Using the Rule Editor
Specifying the Affected Employee Group
Specifying Affected Entitlements
A Simple Rule Example
Rule Conditions in Advanced Mode
Rule condition as SQL query
Deleting Rules
Checking a Rule
Creating Custom Mail Templates for Notifications
Scheduled Rule Checking
Checking Rule after Modifications
Ad hoc Rule Checking
Speeding up Rule Checking
Rule Check Analysis
Reports about Rule Violations
Granting Exception Approval
Notifications about Rule Violations
Determining Potential Rule Violations
General Master Data for a Mitigating Control
Additional Tasks for Mitigating Controls
Calculating Mitigation
Configuration Parameters for Identity Audit
Extended Rule Input
Extended Rule Input
You can enter additional comments about the rule and revision data on the Extended tab..
| Property | Description |
|---|---|
| Rule number | Additional name for the rule. |
| Implementation notes | Spare text box for additional explanation. You can use implementation notes to enter explanations about the content of the rule condition, for example. |
| Test schedule |
Schedule for starting rule checks on a regular basis. The schedule "default schedule compliance rule check" is assigned by default. You can assign your own schedule. |
| Fill schedule |
Schedule, which starts recalculation of the auxiliary tables for rule checking. The schedule "default schedule compliance rule fill" is assigned by default. You can assign your own schedule. |
| Status | Rule status with respect to its audit status. |
| Auditor | Person that audited the rule the last time. |
| Date of Audit | Date of last rule audit. |
| Audit remarks | Remarks referring to the audit, for example, results that might be important for the next audit. |
Related Topics
Rule Comparison
Rule Comparison
You can compare the results of a working copy with the original rule. The comparison values are then displayed on the Rule comparison tab on the master data form.
| Rule violations | Lists all employees for whom the rule, due to the change is |
|---|---|
| Newly added | violated for the first time |
| Identical | still being violated |
| No longer included | no longer violated |
|
|
TIP: All working copies with a different condition to that of the original rule are displayed in Identity audit | Rules | Working copies of rules | Modified working copies. |
Detailed information about this topic
IT Shop Properties for a Rule
Compliance Rules and Identity Audit > Setting up a Rule Base > Creating Rules > IT Shop Properties for a Rule
IT Shop Properties for a Rule
| Configuration Parameter | Meaning if Set |
|---|---|
| QER\ComplianceCheck\EnableITSettingsForRule | IT Shop properties for the compliance rule are visible and can be edited. |
You can integrate checking of requests for rule compliance into approval workflows in IT Shop. On the propertiesIT Shop tab, specify how violations of this rule should be handled within an approval process for IT Shop requests.
|
|
NOTE: This tab is only shown when the rule condition is created in the simplified version. For more information, see Creating Rule Conditions. |
To enter IT Shop properties for a rule
- Set the configuration parameter "QER\ComplianceCheck\EnableITSettingsForRule" in the Designer.
- Enable the option Rule for cyclical testing and risk analysis on the rule's master data form on the General tab in the IT Shop.
- Select the tab IT Shop properties.
- Edit the master data.
- Save the changes.
| Property | Description | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Identifying a Rule Violation | Specify which rule violations are logged.
| ||||||||
| Explicit Exception Approval | Specifies whether exception approvals are presented again or whether existing exception approvals should be reused.
|
Additional Tasks for Working Copies
Compliance Rules and Identity Audit > Setting up a Rule Base > Creating Rules > Additional Tasks for Working Copies
After you have entered the master data, you can apply different tasks to it. The task view contains different forms with which you can run the following tasks.