
Identity Manager 8.0 - Web Portal User Guide


Rule Violations

NOTE: This function is only available if the module Company Policies Module or Compliance Rules Module is installed.

All employees that have violated rules are displayed under Rule Violations. The Auditing - Rule Violations view shows you all rule violations within a selected time period. Rule violations that have been granted or denied exceptions, or that are pending, are shown in the Pending Rule Violations menu.

Some functions have already been described in the menu Pending Rule Violation. You can find all the executable functions in the menu listed under "Detailed information about this topic".

To open the "Rule Violations" menu

  • Open the menu Compliance | Auditing and click Rule Violations.
Detailed information about this topic

Policy Violations

NOTE: This function is only available if the module Company Policies Module or Compliance Rules Module is installed.

All employees that have violated policies are displayed under Policy Violations. The Auditing - Policy Violations view shows you all rule violations within a selected time period. Policy violations that have been granted or denied exceptions, or that are pending, are shown in the Pending Policy Violations menu.

Some functions have already been described in the menu Pending Rule Violation. You can find all the executable functions in the menu listed under "Detailed information about this topic".

To open the "Policy Violations" menu

  • Open the menu Compliance | Auditing and click Policy Violations.
Detailed information about this topic

Governance Administration

NOTE: This function is only available if the module Compliance Rules Module, Governance Base Module, Company Policies Module or Attestation Module is installed.

Companies have different requirements for regulating internal and external employee access to company resources. Rules are used both to locate rule violations and to prevent them. Companies may also have to demonstrate that they adhere to legislated regulations such as SOX (Sarbanes-Oxley Act). The following demands are made on compliance.

  • Rules define which permissions an employee has or does not have. For example, a rule could prevent an employee from owning entitlement B if they already have entitlement A.
  • Policies are very flexible, and can be defined around anything you are managing with the Manager. For example, a policy could state that only managers in the HR department can have full control over a share on a file share that contains sensitive information.
  • Each item to which an employee has access can be given a risk value. A risk index can be calculated for employees, accounts, organization, roles and for the groups of resources available for request. You can then use the risk indexes to help prioritize your compliance activities.

Some rules are preventative - a request will not be processed if it is in violation, unless exception approvals are specifically allowed, and an approver allows it. Rules (if appropriate) and policies are run on a regular schedule, and violations appear on the appropriate employee’s Web Portal for handling. Policies may have associated mitigations, which are processes that an employee can do outside of the One Identity Manager solution to reduce the risks posed by the violation. Reports and dashboards give you further insights into your state of compliance. For more information, see What Statistics are Available?
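The preventative and scheduled checks described above can be modeled as follows. This is an added illustration, not One Identity Manager code; the `Rule` class, the function names, the decision strings and the sample data are all hypothetical.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    """Hypothetical rule: holding both entitlements is a violation."""
    name: str
    first: str
    second: str
    exception_allowed: bool = False  # may an approver grant an exception?

    def violated_by(self, entitlements):
        return self.first in entitlements and self.second in entitlements


def evaluate_request(held, requested, rules, approvals=frozenset()):
    """Preventative check: decide a request before the entitlement is assigned.

    approvals holds the names of rules for which an approver granted an
    exception. Returns (decision, names of the rules the request would violate).
    """
    after = set(held) | {requested}
    violated = [r for r in rules
                if r.violated_by(after) and not r.violated_by(set(held))]
    if not violated:
        return "granted", []
    names = [r.name for r in violated]
    if any(not r.exception_allowed for r in violated):
        return "denied", names
    if all(r.name in approvals for r in violated):
        return "granted_with_exception", names
    return "pending_exception_approval", names


def scheduled_scan(assignments, rules):
    """Scheduled check: list (employee, rule name) for existing violations."""
    return sorted((emp, r.name) for emp, ents in assignments.items()
                  for r in rules if r.violated_by(ents))


# Constructed sample data, not taken from any real system.
RULES = [
    Rule("RULE-1", "A", "B", exception_allowed=True),
    Rule("RULE-2", "create_vendor", "approve_payment"),
]
ASSIGNMENTS = {
    "alice": {"A"},
    "bob": {"create_vendor", "approve_payment"},
    "carol": {"B", "report_viewer"},
}
```

A request that would violate a rule without exception approval is denied outright, while one that violates only exception-enabled rules stays pending until every violated rule has an approval.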

Which information you see in the Compliance menu depends heavily on your role. If you do not see a menu item that you think you should, contact your system administrator. The following overview shows which view you can see for which user roles.

Table 45: View in the "Compliance" Menu

| View | Description | Roles |
|---|---|---|
| High Risk Overview | Provides an overview of critical objects. The overview is divided into several parts. | Compliance & Security Officer |
| Compliance Frameworks | Provides details about the compliance frameworks in your environment. | Compliance framework administrator |
| Rule violations | Provides reports on employees who violate policies. | Framework administrator, rule supervisor and rule exception approver |
| Policy violations | Provides reports on objects which violate policies. | Framework administrator, policy supervisor and rule exception approver |
| Rule analysis | Identifies employees who are in violation of rules related to SAP functions. You must configure SAP authorizations for testing. For more detailed information about SAP R/3 Compliance Add-on, see the One Identity Manager Identity Management Base Module Administration Guide. NOTE: The calculation of SAP functions must be activated by a manager. | Compliance framework administrator |
| Function analysis | Specifies employees whose access to high risk SAP functions violates the rules. NOTE: The calculation of SAP functions must be activated by a manager. | Rule supervisor |

Detailed information about this topic

Risk Assessment

Risk assessment is an important part of compliance. For example, high risk rule violations are more likely to require mitigations, or have fewer exception approvers. In the One Identity Manager, risk data is gathered from a variety of sources, and then calculations are performed to produce risk indexes. Every item within the One Identity Manager can be assigned a risk value. If you own resources, you may be able to modify their risk values in the Master Data. For more information, see Master Data.

In the Risk Assessment view, you can modify the risk index functions that are used to calculate these indexes. Risk indexes are calculated for employees, user accounts, system roles, IT Shop structures, organizations and business roles.

There are four calculation types that can be used. Choose the one that best fits the desired impact on risk for the risk index function you are modifying.

Table 46: Calculation Types

| Calculation type | Description |
|---|---|
| Maximum (weighted) | The highest value from all relevant risk indexes is calculated, weighted and taken as basis for the next calculation. |
| Maximum (normalized) | The highest value from all relevant risk indexes is calculated, weighted with the normalized weighting factor and taken as basis for the next calculation. |
| Increment | The risk index of Table column (target) is incremented by a fixed value. This value is specified in Weighting/Change value. |
| Decrement | The risk index of Table column (target) is decremented by a fixed value. This value is specified in Weighting/Change value. |
| Average (weighted) | The average of all relevant risk indexes is calculated, weighted and taken as basis for the next calculation. |
| Average (normalized) | The average of all relevant risk indexes is calculated with the normalized weighting factor and taken as basis for the next calculation. |
| Reduction | Used when calculating the reduced risk index for rules, SAP functions, company policies and attestation policies. You cannot add custom functions with this calculation type! |

You can assign a weight to the calculation, which determines how much the result of a particular function affects the overall risk index. You can view high risk objects in the view High Risk Overview. For more information, see What Statistics are Available?

To edit a risk index function

  1. Open the menu Compliance | Governance Administration and click Risk Assessment.
  2. Mark the risk assessment function you want to view.
  3. Click and select the calculation type in the dialog box, <Object type name>.
  4. Perform one of the following tasks.
    1. Use the slider to set a value between 0 and 1 on the Weighting/Change value scale.

      - OR -

    2. Check the Disabled box if you do not want to use the risk index function.

      - OR -

    3. Uncheck the Disabled box to use the risk index function again.
  5. Click Save.
