Chat now with support
Chat with Support

Identity Manager 8.0 - Web Portal User Guide

Getting Started Request Attestations Compliance Ownerships
My Responsibilities Delegation Ownerships Auditing Governance Administration
Related Applications Calls Settings... Discovering your Statistics on the Start Page

My Actions

The view My Actions is a submenu item of the Compliance menu. You can execute various actions to do with the compliance items you manage, depending on which entitlements you have been assigned. These actions can be called up over tiles.

Detailed information about this topic

Pending Rule Violations

Some rule violations can be approved as exceptions. You can see violations under your supervision in the menu Pending Rule Violations. The following information is displayed in the corresponding menu.

Table 42: Possible Content of Rule Violations

Display

Description

Employee

Employee who caused the rule violation.

Rule

Violated rule.

Approval state

The status of the approval. Following states are possible.

  • Open
  • Exception granted
  • Exception denied

Approver

Employee who has denied or granted exception approval.

Approval date

Date of the approval decision.

Risk index (calculated)

Shows the calculated risk index.

Risk index (reduced)

Shows the risk index reduced by the mitigating control.

Reason

Shows the manually entered reason added with the exception approval.

Standard reason

Displays a standard reason if one exist and this option was selected.

Valid until

The exception is only valid until this date.

If you are an auditor or an approver, you can obtain more information about exception approvals from the Auditing menu. For more information, see Rule Violations.

To open the "Pending Rule Violations" menu

  • Open the menu Compliance | My Actions and click Pending Rule Violations.
Detailed information about this topic

Approving Exception Approvals

As exception approver, you can grant or deny approval to exception approvals in the menu Pending Rule Violations.

To grant or deny exception approvals

  1. If rules have been violated, open the menu Pending Rule Violations.
  2. Use the filter function in the column Approval state and set the option Approval decision pending.

    Only the rule or policy violations of the selected type are displayed. For more information, see Filter.

  3. Mark the rule violation you want to approve in the list.

    This displays details of the violation in the detailed content view and you can carry out various actions. How you continue, depends on the view you find yourself in.

  4. Perform one of the following tasks.
    1. Use to approve the violation and click Next..
    2. Deny the violation with and click Next.

    Your selected is highlighted.

    This displays the Approval exceptions view.

  5. Perform one of the following tasks.
    1. Enter an reason for your approval decision.
    2. Select a predefined reason.

    NOTE: You can optionally select a predefined text from Standard reasons for all cases still to be approved. Standard reasons are displayed in the approval history and in the case details. For more information about default reasons, see the One Identity Manager Compliance Rules Administration Guide or the One Identity Manager Company Policies Administration Guide.

    NOTE: If you are editing several rule or policy violations at the same time, you can enter a reason for each one individually.

  6. Click Save.

    Your approval decision is saved and the rule or policy violation's status changes accordingly.

Resolving Rule Violations

As exception approver, you can edit violations of rule under your supervision. Rule violations are caused by permissions, so you have the option to remove permissions when you want to resolve one.

You can cancel the resolving process early because it is possible that you have removed other permissions whilst removing the violating permissions.

Permission assignments play and important role when editing rule violations. For example, permissions assigned through a dynamic role cannot be removed.

The following consequences may result from removing permissions:

Table 43: Removing Assigned Permissions

Assignment Method

Removing the Entitlement

Direct assignment

Direct assignment is deleted when the entitlement is removed.

Inherited assignment

The option to withdraw role membership from the employee is offered in the case of inherited permissions.

Dynamic assignment

Permissions cannot be removed if membership is through a dynamic role.

Assignment over IT Shop request

If permissions were assigned through a request, the request is canceled on removal.

Primary Assignment

The option to withdraw primary membership from the employee is offered in the case of permissions assigned through primary assignment.

To resolve a rule violation

  1. Mark the rule violation and click Resolve in the detailed content view.

    This opens the wizard "Resolve a rule violation" listing the permissions that lead to the violation.

  2. Mark the rule violation you want to remove from the employee in the Resolve a rule violation wizard and click Next.

    The objects is displayed with the permissions origin in the wizard's Verify view. The consequences of removing the permissions is displayed in the Action column.

  3. Check whether you really want to delete the permissions and click Next.

    A message is displayed in the Loss of entitlement and the permissions are listed that are affected by removal.

  4. Perform one of the following tasks.
    1. Cancel the resolving process with Cancel or Back.

      All the employee's permissions remain intact.

    2. Continue by clicking Next.

      The employee loses all the permissions that have been listed for resolving the rule violation.

Related Documents