To test a rule, processing tasks are created for the DBQueue Processor. The DBQueue Processor determines for each rule, which employees have violated the rule. Follow-up tasks assign the associated rule violation object to employees that have violated a rule. The specified rule approvers can test rule violations and if necessary grant exception approval.
You can start rule checking in different ways to find the current rule violations in the One Identity Manager database.
Only operational rules are checked during rule checking. Disabled rule are not tested. If a rule is violated, the effected employees are assigned the corresponding object for rule violations. You can check all the rules again for these employees. For more information, see Rule Check Analysis.
In addition to locating existing rule violations, the One Identity Manager can also identify potential violations of IT Shop requests and business roles. For more information, see Determining Potential Rule Violations.
The schedule "default schedule compliance rule check" One Identity Manager is supplied with the default installation to run a complete check of all rules. This schedule generates processing tasks at regular intervals for the DBQueue Processor.
|Configuration parameter||Meaning if Set|
|QER\ComplianceCheck\CalculateImmediately||Processing tasks for recalculating rule violations are immediately started when relevant changes occur.|
A processing task for rule checking is generated the moment an active rule is modified or deleted. All employees are checked to see if they fulfill the affected rule.
When specific changes are made to entitlements, you can immediately queue or schedule the calculation tasks to check the rules. Specify the desired behavior in the configuration parameter "QER\ComplianceCheck\CalculateImmediately". If the parameter is set, the processing task for recalculating rule violation for an employee are immediately queued. If the parameter is not set, the calculation task is started the next time the schedule is planned to run.
To trigger rule checks immediate after relevant changes have been made
The processing task for recalculating rule violations for an employee is immediately started when relevant changes occur.
NOTE: This configuration parameter only applies if data changes are relevant. These include: