
Identity Manager 8.1.5 - Web Portal User Guide


Policy violations

Certain roles require you to find policy violations within their own system. This information can help you identify gaps in your security or compliance policies and develop attestation policies or violation mitigation. Mitigation comprises processes that exist outside the One Identity Manager solution and reduce the risk of violation. For more information, see Governance administration.

You can generate reports that describe the rule or policy violations exactly. These reports contain a risk assessment that you can use to prioritize violations and as a basis for subsequent planning. The reduced risk index takes into account many risk factors that arise from violations and represents the risk as a value between 0 (no risk) and 1 (high risk).

NOTE: You can only see the Policy violations or Rule violations if you have the compliance and security officer's or auditor's application role.

Depending on which application roles have been assigned to you, the following options are visible to you in your rule violation view:

  • Framework administrator
  • Policy supervisors
  • Exception approvers
  • All Policies

NOTE: If you have only one application role, you will not see any other options. In this case, the option corresponding to that application role is preset and does not need to be enabled by you.

To view rule violations

  1. Open Compliance | Governance Administration and click Policy Violations.
  2. Set one of the options shown to present the view more clearly.
  3. Mark a rule.
  4. Get further information.
  5. Perform one of the following tasks:
    1. Click one of the links in the detailed content view to display more details.
    2. Click "Show details" to display details about the selected rule.
    3. Depending on your role assignments, you can generate a report using Report.

Rule analysis

Users who have access to certain critical SAP functions may violate compliance rules and can pose a significant security threat. You should analyze these users to determine if action should be taken. Two menus help you with these tasks in the Web Portal.

Rule analysis shows compliance rules that contain SAP functions and identifies each employee that violates the rules. You can analyze the rule violation to determine the cause.

To obtain information about SAP user accounts involved in violating rules

  1. Select Compliance | Governance Administration and click Rule analysis.

    A list of compliance rules including SAP functions appears.

  2. Click Select in the required entry to display the user accounts and employees related to the violated compliance rule.

    You can determine which rules have violations by using the Critical Function Analysis.

    For any employee who has violated the rule, you can analyze the violation by role or ability.

  3. Perform one of the following tasks:

    1. Click By role in the required entry to expand details about roles and profiles for the rule violation.

    2. Click By ability in the required entry to expand details about the SAP functions and transactions.

    3. Click Back to return to the list of employees.

Function analysis

Function analysis shows you employees with critical SAP functions that violate compliance rules. For each employee, you can determine which SAP function is involved in the violation and the rules that caused the violation. You can use the significance rating to prioritize your actions. If a rule with a significance rating is violated by an SAP function with a significance rating, it must be handled promptly.

To identify employees who violate compliance rules with critical SAP functions

  1. Select Compliance | Governance Administration and click Critical function analysis.

    A list of employees who have certain critical SAP functions is displayed.

  2. Click Select in the requested entry to display the SAP functions and rule violations for the selected employee.

Responsibilities

In the Responsibilities menu, you can run various actions and obtain information. The following tables provide you with an overview of the menu items and actions that can be executed here.

Table 45: Menu items for "Responsibilities"

| Menu item | Action | Description |
|---|---|---|
| My responsibilities | | |
| | Employees | View your employees and their details. Add new people. |
| | System entitlements | View and edit your system entitlements and their details. Add members and view historical data. |
| | Business roles | View and edit your system roles and their details. Create new business roles or restore deleted ones. Split up, compare, or merge roles. |
| | System roles | View and edit your business roles and their details. Create new system roles. |
| | Departments | View and edit your departments and their details. Restore deleted departments or split, compare, and merge departments. |
| | One Identity Manager Application Roles | View and edit your application roles and their details. Create new application roles. |
| | Cost centers | View and edit your cost centers and their details. Restore deleted cost centers or split, compare, and merge cost centers. |
| | Locations | View and edit your locations and their details. Restore deleted locations or split, compare, and merge deleted locations. |
| | Resources | View your resources and their details. Add new resources. |
| | Assignment resources | View and edit your assignment resources and their details. Add entitlements and view historical data. |
| | Multi-requestable/unsubscribable resources | View and edit Multi-requestable/unsubscribable resources and their details. Request memberships for employees and add permissions. View historical data. |
| | Devices | View and edit your devices. Add new devices. |
| Task delegation | | |
| | Delegation | View those responsibilities you can delegate. |
| | Delegation history | View your delegations to other staff and delegate responsibilities to them. |
| Ownerships | | |
| | Claim ownership | Claim responsibility for a group that has no one in charge. |
| | Assigning owners | Assigns an owner to a business object. |
| Auditing | | |
| | Departments | View one or all departments of the employee who is responsible for them. |
| | Software | View one or all software applications of the employee who is responsible for them. |
| | Business roles | View one or all business roles of the employee who is responsible for them. |
| | Cost centers | View one or all cost centers of the employee who is responsible for them. |
| | Multi-request resources | View one or all multi-request resources of the employee who is responsible for them. |
| | Employees | View all employee details. |
| | One Identity Manager application roles | View one or all application roles of the employee who is responsible for them. |
| | Resources | View one or all resources of the employee who is responsible for them. |
| | Locations | View one or all locations of the employee who is responsible for them. |
| | System roles | View one or all system roles of the employee who is responsible for them. |
| | Assignment resources | View one or all assignment resources of the employee who is responsible for them. |
| | Active Directory | View one or all entitlements of the employee who is responsible for an Active Directory group. |
| | Azure Active Directory | View one or all entitlements of the employee who is responsible for an Azure Active Directory group. |
| | G Suite | View one or all entitlements of the employee who is responsible for a G Suite group. |
| | IBM Notes | View one or all entitlements of the employee who is responsible for an IBM Notes group. |
| | LDAP | View one or all entitlements of the employee who is responsible for an LDAP group. |
| | Privileged Account Management | View one or all entitlements of the employee who is responsible for a Privileged Account Management group. |
| | SAP R/3 | View one or all entitlements of the employee who is responsible for an SAP R/3 group. |
| | Universal Cloud Interface | View one or all entitlements of the employee who is responsible for a Universal Cloud Interface group. |
| | UNIX | View one or all entitlements of the employee who is responsible for a Unix group. |
| Governance administration | | |
| | Business roles | View and edit business roles and their details. Restore deleted roles. Split up, compare, or merge roles. |
| | System entitlements | View and edit system entitlements and their details. Add members, assign devices, and view historical data. |
