立即与支持人员聊天
与支持团队交流

Identity Manager 9.2.1 - Company Policies Administration Guide

Company policies in One Identity Manager Defining company policies
Creating and editing company policies Using default company policies Deleting company policies Policy groups Compliance frameworks Schedules for checking policies Company policy attestors Policy supervisors for company policies Exception approvers for policy violations Standard reasons for policy violations Mail templates for company policy notifications
Checking company policies Automatic attestation of policy violations Mitigating controls for company policies General configuration parameter for company policies

Displaying the schedule overview

You can display the most important information about a schedule on the overview form.

To obtain an overview of a schedule

  1. In the Manager, select the Company Policies > Basic configuration data > Schedules category.

  2. Select the schedule in the result list.

  3. Select the Schedule overview task.

Company policy attestors

NOTE: This function is only available if the Attestation Module is installed.

Identities that can be used to attest attestation procedures can be assigned to company policies. To do this, assign the company policies to application roles for attestors. Assign identities to this application role who are authorized to attest company policies. For more information about attestation, see the One Identity Manager Attestation Administration Guide.

A default application role for attestors is available in One Identity Manager. You may create other application roles as required. For more information about application roles, see the One Identity Manager Authorization and Authentication Guide.

Table 8: Default application roles for attestors
User Tasks

Company policy attestors

Attestors must be assigned to the Identity & Access Governance | Company policies | Attestors application role.

Users with this application role:

  • Attest company policies and exception approvals in the Web Portal for which they are responsible.

  • Can view the main data for these company policies but not edit them.

NOTE: This application role is available if the module Attestation Module is installed.

To add identities to default application roles for attestors

  1. In the Manager, select the Company Policies > Basic configuration data > Attestors category.

  2. Select the Assign identities task.

  3. In the Add assignments pane, add identities.

    TIP: In the Remove assignments pane, you can remove assigned identities.

    To remove an assignment

    • Select the identity and double-click .

  4. Save the changes.

Policy supervisors for company policies

Identities that are responsible for the contents of company policies can be assigned to these company policies. To do this, assign an application role for policy supervisors to a company policy on the main data form.

A default application role for policy supervisors is available in One Identity Manager. You may create other application roles as required. For more information about application roles, see the One Identity Manager Authorization and Authentication Guide.

Table 9: Default application role for rule supervisors
User Tasks

Policy supervisors

Policy supervisors must be assigned to the Identity & Access Governance | Company policies | Policy supervisors application role or another child application role.

Users with this application role:

  • Are responsible for the contents of company policies.

  • Edit working copies of company policies.

  • Enable and disable company policies.

  • Can calculation policies and view policy violations if required.

  • Assign mitigating controls.

To add identities to the default application for rule supervisors

  1. In the Manager, select the Company Policies > Basic configuration data > Policy supervisors category.

  2. Select the Assign identities task.

  3. In the Add assignments pane, add identities.

    TIP: In the Remove assignments pane, you can remove assigned identities.

    To remove an assignment

    • Select the identity and double-click .

  4. Save the changes.
Related topics

Exception approvers for policy violations

Identities that can issue exception approvals for policy violations can be assigned to company policies. To do this, assign an application role for exception approvers to a company policy on the main data form.

A default application role for exception approvers is available in One Identity Manager. You may create other application roles as required. For more information about application roles, see the One Identity Manager Authorization and Authentication Guide.

Table 10: Default application role for exception approvers
User Tasks

Exception approvers

Exception approvers must be assigned to the Identity & Access Governance | Company policies | Exception approvers application role or a child application role.

Users with this application role:

  • Edit policy violations.

  • Can grant exception approval or revoke it.

To add identities to default application roles for exception approvers

  1. In the Manager, select the Company Policies > Basic configuration data > Exception approvers category.

  2. Select the Assign identities task.

  3. In the Add assignments pane, add identities.

    TIP: In the Remove assignments pane, you can remove assigned identities.

    To remove an assignment

    • Select the identity and double-click .

  4. Save the changes.
Related topics
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级