Chat now with support
Chat with Support

Identity Manager 9.0 LTS - Compliance Rules Administration Guide

Compliance rules and identity audit
One Identity Manager users for identity audit Basic data for setting up rules Setting up a rule base rule check Mail templates for notifying about identity auditing
Mitigating controls for compliance rules Configuration parameters for Identity Audit

Displaying the compliance frameworks overview

You can see the most important information about a compliance framework on the overview form.

In the Rule violation overview report, you get an overview of all rule violations for a compliance framework.

To obtain an overview of a compliance framework

  1. In the Manager, select the Identity Audit > Basic configuration data > Compliance frameworks category.

  2. Select the compliance framework from the result list.
  3. Select the Compliance framework overview task.

Schedules for checking rules

Cyclical checking of all rules is controlled through schedules. One Identity Manager provides two default schedules for rule checking. This ensures that the auxiliary table for object assignments are regularly updated and that rule checking is started. You can set up more schedules to do this. Ensure that the schedules are assigned to the rules.

To create or edit schedules

  1. In the Manager, select the Identity Audit > Basic configuration data > Schedules category.

    The result list shows all schedules configured for the ComplianceRule table.

  2. Select a schedule in the result list. Select Change main data.

    – OR –

    Click in the result list.

  3. Edit the schedule’s main data.

  4. Save the changes.

Enter the following properties for a schedule.

Table 4: Schedule properties

Property

Meaning

Name

Schedule ID. Translate the given text using the button.

Description

Detailed description of the schedule. Translate the given text using the button.

Enabled

Specifies whether the schedule is enabled.

NOTE: Only active schedules are run. Active schedules are only run if the QBM | Schedules configuration parameter is set.

Time zones

Unique identifier for the time zone that is used for running the schedule. Choose between Universal Time Code or one of the time zones in the menu.

NOTE:

When you add a new schedule, the time zone is preset to that of the client from which you started the Manager.

Start (date)

The day on which the schedule should be run for the first time. If this day conflicts with the defined interval type, the first run is on the next available day based on the start date.

Validity period

Period within which the schedule is run.

  • If the schedule will be run for an unlimited period, select the Unlimited duration option.

  • To set a validity period, select the Limited duration option and enter the day the schedule will be run for the last time in End (date).

Occurs

Interval in which the task is run. Other settings may be required depending on the settings.

  • Every minute: The schedule is run once a minute. The starting point is calculated from the rate of occurrence and the interval type.

  • Hourly: The schedule is run at defined intervals of a multiple of hours such as every two hours.

    • Under Repeat every, specify after how many hours the schedule is run again.

    • The starting point is calculated from the rate of occurrence and the interval type.

  • Daily: The schedule is run at specified times in a defined interval of days such as every second day at 6am and 6pm.

    • Under Start time, specify the times to run the schedule.

    • Under Repeat every, specify after how many days the schedule is run again.

  • Weekly: The schedule is run at a defined interval of weeks, on a specific day, at a specified time such as every second week on Monday at 6am and 6pm.

    • Under Start time, specify the times to run the schedule.

    • Under Repeat every, specify after how many weeks the schedule is run again.

    • Specify the set day of the week for running the schedule.

  • Weekly: The schedule is run at a defined interval of months, on a specific day, at a specified time such as every second month on the 1st and the 15th at 6am and 6pm.

    • Under Start time, specify the times to run the schedule.

    • Under Repeat every, specify after how many months the schedule is run again.

    • Specify the days of the month (1st - 31st of the month).

    NOTE: If the Monthly interval type with the sub interval 29, 30 or 31 does not exist in this month, the last day of the month is used.

    Example:

    A schedule that is run on the 31st day of each month is run on April 30th. In February, the schedule is run on the 28th (or 29th in leap year).

  • Yearly: The schedule is run at a defined interval of years, on a specific day, at a specified time such as every year on the 1st, the 100th, and the 200th day at 6am and 6pm.

    • Under Start time, specify the times to run the schedule.

    • Under Repeat every, specify after how many years the schedule is run again.

    • Specify the days of the year (1st - 366th day of the year).

      NOTE: If you select the 366th day of the year, the schedule is only run in leap years.

  • Monday, Tuesday, Wednesday, Thursday, Friday, Saturday, Sunday: The schedule is run on a defined day of the week, in specified months, at specified times such as every second Saturday in January and June at 10am.

    • Under Start time, specify the times to run the schedule.

    • Under Repeat every, specify after how many days of the month the schedule is run again. The values 1 to 4, -1 (last day of the week), and -2 (last day but one of the week) are permitted.

    • Specify in which month to run the schedule. The values 1 to 12 are permitted. If the value is empty, the schedule is run each month.

Start time

Fixed start time Enter the time in local format for the chosen time zone. If there is a list of start times, the schedule is started at each of the given times.

Repeat every

Rate of occurrence for running the schedule within the selected time interval.

Last planned run/Next planned run

Activation time calculated by the DBQueue Processor. Activation times are recalculated whilst the schedule is running. The time of the next run is calculated from the interval type, rate of occurrence, and the start time.

NOTE: One Identity Manager provides the start information in the time zone of the client where the program was started. Changes due to daylight saving are taken into account.

Default schedules for identity audit

One Identity Manager provides the following schedules for Identity Audit.

Table 5: Default schedules
Schedule Description

Compliance rule check

Default schedule for checking rules.

This schedule generates a processing task in the DBQueue Processor at regular intervals for each rule.

Fill compliance rule objects

Default schedule for filling auxiliary tables.

Auxiliary table for object assignments are evaluated to determine potential rule violations in the Web Portal. These auxiliary tables are regularly updated by the DBQueue Processor. This task cyclically generates processing tasks for updating the auxiliary tables.

Related topics

Assigning compliance rules to schedules

Use this task to assign compliance rules to the selected schedule, which will check them. By default, the Fill compliance rule objects and Compliance rule check schedules are assigned but you can use the assignments form to assign the selected schedule to any rules.

To assign the schedule to rules

  1. In the Manager, select the Identity Audit > Basic configuration data > Schedules category.

  2. Select the schedule in the result list.

  3. Select the Assign rules (for filling) task.

    - OR -

    Select the Assign rules (for testing) task.

  4. In the Add assignments pane, double-click the rules you want to assign.

  5. Save the changes.

To change an assignment

  1. In the Manager, select the Identity Audit > Basic configuration data > Schedules category.

  2. Select the schedule in the result list.

  3. Select the Assign rules (for filling) task.

    - OR -

    Select the Assign rules (for testing) task.

  4. Select the Show objects already assigned to other objects menu item in the assignment form's context menu.

    This shows rules that are already assigned in other schedules.

  5. In the Add assignments pane, double-click on one of these rules.

    The rule is assigned to the currently selected schedule.

  6. Save the changes.
  7. To put the changes into effect, enable the working copy.

NOTE: Assignments cannot be removed. Schedule assignments are compulsory for rules.
Related topics
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating