Chat now with support
Chat with Support

Identity Manager 8.1.4 - Compliance Rules Administration Guide

Compliance rules and identity audit
One Identity Manager users for identity audit Basic data for setting up rules Setting up a rule base rule check Creating custom mail templates for notifications
Mitigating controls Configuration parameters for Identity Audit

Extended rule input

You can enter additional comments about the rule and revision data on the Extended tab.

Table 17: Extended master data for a rule
Property Description
Rule number Additional name for the rule.
Implementation notes Text field for additional explanation. You can use implementation notes to enter explanations about the content of the rule condition, for example.
Test schedule

Schedule for starting rule checks on a regular basis.

By default, the Compliance rule check schedule is assigned but you can assign your own schedule.

Fill schedule

Schedule, which starts recalculation of the auxiliary tables for rule checking.

By default, the Fill compliance rule objects schedule is assigned but you can assign your own schedule.

Status Rule status with respect to its audit status.
Auditor Person that audited the rule the last time.
Date of Audit Date of last rule audit.
Audit remarks Remarks referring to the audit, for example, results that may be important for the next audit.
Related topics

Rule comparison

You can compare the results of a working copy with the original rule. The comparison values are then displayed on the Rule comparison tab on the master data form.

Table 18: Results of a rule comparison
Rule violations Lists all employees who, as a result of the change, would (not) violate the rule as follows
Newly added Violate the rule for the first time
Identical Still violate the rule
No longer included Do not violate the rule anymore
TIP: All working copies with a different condition to that of the original rule are displayed in the Identity audit | Rules | Working copies of rules | Modified working copies category.
Detailed information about this topic

IT Shop properties for a rule

Table 19: Configuration parameter for IT Shop relevant properties
Configuration parameter Meaning if set
QER | ComplianceCheck | EnableITSettingsForRule IT Shop properties for the compliance rule are visible and can be edited.

You can integrate checking requests for rule compliance into approval workflows in the IT Shop. On the IT Shop properties tab, specify how violations of this rule should be handled within an approval process for IT Shop requests.

NOTE: This tab is only shown when the rule condition is created in the simplified version. For more information, see Creating rule conditions.

To enter IT Shop properties for a rule

  1. In the Designer, set the "QER | ComplianceCheck | EnableITSettingsForRule" configuration parameter.
  2. Enable the Rule for cyclical testing and risk analysis option on the rule's master data form on the General tab in the IT Shop.
  3. Select the IT Shop properties tab.
  4. Edit the master data.
  5. Save the changes.
Table 20: IT Shop properties
Property Description
Rule violation identified Specifies which rule violations are logged.
Table 21: Permitted values
Value Description
New rule violation due to a request Only rule violations that are added through approval of the current request are logged.
Unapproved exception Rule violations that are added through approval of the current request are logged. Already known rule violations that have not yet been granted an exception are also logged.
Any compliance violation All rule violations are logged, independent of whether an exception approval has already been granted or not.

This value is automatically set when the Explicit exception approval option is set.

Explicit exception approval Specifies whether exception approvals are presented again or whether existing exception approvals should be reused.
Table 22: Permitted values

Option is

Description

Enabled

A known rule violation must always be presented for exception approval, even if there is an exception approval from a previous violation of the rule.

Not set

A known rule violation is not presented again for exception approval if there is an exception approval from a previous violation of the rule. This exception approval is reused and the known rule violation is automatically granted exception.

Additional tasks for working copies

After you have entered the master data, you can run the following tasks.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating