Companies have different requirements for regulating internal and external identities' access to company resources. Rule checks are used both to locate rule violations and to prevent them. By using these rules, you can demonstrate compliance with legislated regulations such as the Sarbanes-Oxley Act (SOX). The following demands are made on compliance:
- Compliance rules define what an employee is entitled to do or not do. For example, an identity may not have both entitlements A and B at the same time.
- Company policies are very flexible and can be defined for any company resources you are managing with One Identity Manager. For example, a policy might only allow identities from a certain department to own a certain entitlement.
- Each item that an identity can access can be given a risk value. A risk index can be calculated for identities, accounts, organizations, roles, and for the groups of resources available for request. You can then use the risk indexes to help prioritize your compliance activities.

Some rules are preventative. For example, a request will not be processed if it violates the rules, unless exception approval is explicitly granted and an approver allows it. Compliance rules (if appropriate) and company policies are run on a regular schedule, and violations appear in the identity’s Web Portal to be dealt with there. Company policies can contribute to mitigation control by reducing risk, for example, if risks are posed by identities running processes outside the One Identity Manager solution and causing violations. Reports and dashboards give you further insights into your state of compliance. For more information, see What statistics are available?
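
The scheduled (detective) check and the request-time (preventive) check with exception approval described above, as an added Python example. This is not One Identity Manager code; the names `SodRule`, `Identity`, `scan` and `process_request` and the sample identities are hypothetical.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class SodRule:
    """Compliance rule: no identity may hold every entitlement in `conflicting`."""
    name: str
    conflicting: frozenset

    def violated_by(self, entitlements):
        return self.conflicting <= set(entitlements)


@dataclass
class Identity:
    name: str
    entitlements: set = field(default_factory=set)


def scan(identities, rules):
    """Detective check: (identity, rule) pairs that violate a rule right now."""
    return [(i.name, r.name) for i in identities for r in rules
            if r.violated_by(i.entitlements)]


def process_request(identity, entitlement, rules, exception_approved_for=()):
    """Preventive check: grant only if no rule would be violated, or if an
    approver has granted an exception for every rule that would be."""
    would_hold = identity.entitlements | {entitlement}
    broken = [r.name for r in rules if r.violated_by(would_hold)]
    blocked = [n for n in broken if n not in exception_approved_for]
    if blocked:
        return {"granted": False, "violations": blocked}
    identity.entitlements.add(entitlement)
    return {"granted": True, "violations": broken}


if __name__ == "__main__":
    # Constructed sample data: the "A and B" rule from the text above.
    rules = [SodRule("A-and-B", frozenset({"A", "B"}))]
    alice, bob = Identity("alice", {"A"}), Identity("bob", {"A", "B"})
    print(scan([alice, bob], rules))            # existing violation: bob
    print(process_request(alice, "B", rules))   # blocked, nothing granted
    print(process_request(alice, "B", rules, exception_approved_for={"A-and-B"}))
    print(scan([alice, bob], rules))            # approved exception still listed
```

An approved exception lets the request through, but the identity still shows up in the next scheduled scan, which is what keeps exceptions visible for review.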
You can see system role rule violations.
To display rule violations
- In the menu bar, click Responsibilities > Auditing.
- On the Auditing page, click System roles.
- On the Auditing - System roles page, click the system role whose rule violations you want to display.
- In the details pane, click Show details.
- On the overview page, click Compliance.
  This opens the Compliance - <system role name> page (see Compliance – System role (page description)).
You can see system role risk indexes.
NOTE: For more detailed information about risk assessment, see the One Identity Manager Risk Assessment Administration Guide.
To display a system role's risk index
- In the menu bar, click Responsibilities > Auditing.
- On the Auditing page, click System roles.
- On the Auditing - System roles page, click the system role whose risk index you want to display.
- In the details pane, click Show details.
- On the overview page, click Risk.
  This opens the Risk - <system role name> page (see Risk – System role (page description)).
- (Optional) To show which attributes and assignments contribute to the calculated risk index, click View risk functions.
The Web Portal offers you the option to display system roles' historical data.
To do this, you have the following options:
Table 41: Historical data
| Events | This shows you all the events that affect the system role, either on a timeline or in a table (see Displaying my system roles' history). |
| Status overview | This shows you an overview of all assignments. It also shows how long each change was valid for. Use the status overview to track when changes were made and by whom. This way, you not only see the initial and current status but you also see all the steps in between (see Displaying the status overview of my system roles). |
| Status comparison | You can select a date and display all the changes made from then until now. This also shows you what the value of the property was at the selected point in time and what the value is now (see Comparing statuses of my system roles). |