The view My Actions is a submenu item of the Compliance menu. You can execute various actions to do with the compliance items you manage, depending on which entitlements you have been assigned. These actions can be called up over tiles.
Some rule violations can be approved as exceptions. You can see violations under your supervision in the menu Pending Rule Violations. The following information is displayed in the corresponding menu.
Display |
Description |
---|---|
Employee |
Employee who caused the rule violation. |
Rule |
Violated rule. |
Approval state |
The status of the approval. Following states are possible.
|
Approver |
Employee who has denied or granted exception approval. |
Approval date |
Date of the approval decision. |
Risk index (calculated) |
Shows the calculated risk index. |
Risk index (reduced) |
Shows the risk index reduced by the mitigating control. |
Reason |
Shows the manually entered reason added with the exception approval. |
Standard reason |
Displays a standard reason if one exist and this option was selected. |
Valid until |
The exception is only valid until this date. |
If you are an auditor or an approver, you can obtain more information about exception approvals from the Auditing menu. For more information, see Rule Violations.
To open the "Pending Rule Violations" menu
As exception approver, you can grant or deny approval to exception approvals in the menu Pending Rule Violations.
To grant or deny exception approvals
Only the rule or policy violations of the selected type are displayed. For more information, see Filter.
This displays details of the violation in the detailed content view and you can carry out various actions. How you continue, depends on the view you find yourself in.
Your selected is highlighted.
This displays the Approval exceptions view.
|
NOTE: You can optionally select a predefined text from Standard reasons for all cases still to be approved. Standard reasons are displayed in the approval history and in the case details. For more information about default reasons, see the One Identity Manager Compliance Rules Administration Guide or the One Identity Manager Company Policies Administration Guide. |
|
NOTE: If you are editing several rule or policy violations at the same time, you can enter a reason for each one individually. |
Your approval decision is saved and the rule or policy violation's status changes accordingly.
As exception approver, you can edit violations of rule under your supervision. Rule violations are caused by permissions, so you have the option to remove permissions when you want to resolve one.
You can cancel the resolving process early because it is possible that you have removed other permissions whilst removing the violating permissions.
Permission assignments play and important role when editing rule violations. For example, permissions assigned through a dynamic role cannot be removed.
The following consequences may result from removing permissions:
Assignment Method |
Removing the Entitlement |
---|---|
Direct assignment |
Direct assignment is deleted when the entitlement is removed. |
Inherited assignment |
The option to withdraw role membership from the employee is offered in the case of inherited permissions. |
Dynamic assignment |
Permissions cannot be removed if membership is through a dynamic role. |
Assignment over IT Shop request |
If permissions were assigned through a request, the request is canceled on removal. |
Primary Assignment |
The option to withdraw primary membership from the employee is offered in the case of permissions assigned through primary assignment. |
To resolve a rule violation
This opens the wizard "Resolve a rule violation" listing the permissions that lead to the violation.
The objects is displayed with the permissions origin in the wizard's Verify view. The consequences of removing the permissions is displayed in the Action column.
A message is displayed in the Loss of entitlement and the permissions are listed that are affected by removal.
All the employee's permissions remain intact.
The employee loses all the permissions that have been listed for resolving the rule violation.
© 2023 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy