Chat now with support
Chat with Support

Identity Manager 8.0 - Compliance Rules Administration Guide

Compliance Rules and Identity Audit
One Identity Manager Users for the Identity Audit Base Data for Setting up Rules Setting up a Rule Base Rule check Creating Custom Mail Templates for Notifications
Mitigating Controls Configuration Parameters for Identity Audit

Ad hoc Rule Checking

Ad hoc Rule Checking

There are several tasks available for a rule, which immediately perform a rule check.

Table 35: Additional Tasks for Rules
Task Description
Recalculate rule All employees are checked to see if they comply to the current rule.
Recalculate for current user All employees are checked to see if they comply to all rules.
Recalculate all All employees are checked to see if they comply to all rules.

Speeding up Rule Checking

Speeding up Rule Checking

Scheduled rule checking can take a long time under certain circumstances. This might be the case, for example, if a lots of rules exist in which the employee group affected is not limited ("This rule is broken by all workers"). One Identity Manager supplies two consistency checks for optimizing performance of the calculation of affected employee groups. This reduces the amount of data in the auxiliary tables.

To optimize rule checking, start these consistency checks and repair the rules which are found.

To run a consistency check

  1. Select the menu item Database | Check data consistency... in the Manager.
  2. Click in the Consistency Editor's toolbar.
  3. Click in the test option dialog box's toolbar.
  4. Enable the tests "Content\Compliance\ComplianceRule change IsPersonStoreInverted to 1" and "Content\Compliance\ComplianceRule change IsPersonStoreInverted to 0".
  5. Click OK.
  6. Run the consistency check for the object "database".
  7. Verify the analysis results.

    TIP: To obtain details of an error message

    1. Select the error message.
    2. Click in the toolbar.
  8. To optimize the rule condition for an affected rule
    1. Select the error message.
    2. Click Repair for both the original and the working copy of the rule.
Detailed information about this topic
  • One Identity Manager User Guide for One Identity Manager Tools User Interface and Default Functions
Related Topics

Rule Check Analysis

Rule Check Analysis

Each rule references its own object for rule violations (table NonCompliance). Employees who violate rules are assigned to this objects (table PersonInNonCompliance). There are two forms available for rule checking that are supposed to answer the following questions:

  • Which employees violate a specific rule?
  • Which rules are violated by a specific employee?

Which employees violate a specific rule?

To display employees that violate a rule

  1. Select the category  Identity Audit | Rule violations.
  2. Select a rule violation in the result list.
  3. Select Show rule violations in the task view.

    This displays all employees assigned to the rule violation.

Table 36: Meaning of Rule Evaluation Icons
Icon Meaning
Employees pending a rule violation decision.
Employees granted exception approval for their rule violation
Employees not granted exception approval for their rule violation
Related Documents