Mitigating controls can be defined in One Identity Manager functions.
|Function||Object type||Application||Available in Module|
|Compliance||Compliance rules||Reduces the risk connection with violating rules.||Compliance Rules Module|
|Rule violations||Reduces the risk connected with the exception approval of a concrete rule violation.|
|SAP functions||Reduces the risk of SAP user accounts matching SAP functions.||SAP R/3 Compliance Add-on Module|
|Attestation||Attestation policies||Reduces the risk connected with denied attestation cases.||Attestation Module|
|Attestation Cases||Reduces the risk connected with the denial of a concrete attestation case.|
|Company policies||Company policies||Reduces the risk connection with violating policies.||Company Policies Module|
|Policy violations||Reduces the risk connected with the exception approval of a concrete policy violation.|
To edit mitigating controls
- In the Designer, set the QER | CalculateRiskIndex configuration parameter and compile the database.
If you disable the configuration parameter at a later date, model components and scripts that are not longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide.
Use SAP to assign mitigating controls to compliance rules, Manager functions or company policies. For more information, see Additional tasks for a mitigating control.
You can assign mitigating controls directly to a specific rule violation when editing exception approval for rule violations in the Web Portal. You can assign mitigating controls direct to a specific attestation case during attestation in the Web Portal. You can assign mitigating controls directly to a specific rule violation when editing exception approval for policy violations in the Web Portal.