立即与支持人员聊天
与支持团队交流

Identity Manager 9.2 - Compliance Rules Administration Guide

Compliance rules and identity audit
One Identity Manager users for identity audit Basic data for setting up rules Setting up a rule base rule check Mail templates for notifying about identity auditing
Mitigating controls for compliance rules Configuration parameters for Identity Audit

Which identities violate a specific rule?

To display identities that violate a rule

  1. In the Manager, select the Identity Audit > Rule violations category.

  2. Select a rule violation in the result list.

  3. Select the Show rule violations task.

    This displays all identities assigned to the rule violation.

Table 24: Meaning of rule evaluation icons
Icon Meaning

Identities pending a rule violation decision.

Identities granted exception approval for their rule violation.

Identities not granted exception approval for their rule violation.

Which rules are violated by a specific identity?

To view which rules the identity violates

  1. In the Manager, select the Identities > Identities category.

  2. Select an identity in the result list.

  3. Select the Rule evaluation report.

    This not only shows the rule that the identity has violated with or without exception, but also those the identity does not violate.

Table 25: Meaning of icons in identity rule analysis
Icon Meaning

The rule is not violated.

The rule is violated. No exception approval has been granted for this rule exception.

The rule is violated. No exception approval has been granted for this rule exception.

Reports about rule violations

One Identity Manager makes various reports available containing information about the selected base object and its relations to other One Identity Manager database objects. You can generate the following reports for all active rules, rule groups, and compliance frameworks.

NOTE: Other sections may be available depending on the which modules are installed.

Table 26: Reports about rule violations
Report Description

Overview of all assignments

(of a rule)

This report shows all identities that violate the selected rule. The report shows which roles of a role class the identity belongs to. Identities that are not members of any role are not taken into account.

Rule violations overview

(of a rule)

This report groups together all rule violations for the selected rule. All identities are listed that have objects that violation the rule. The result list is grouped by:

  • Identities pending a rule violation decision.

  • Identities without exception approval.

  • Identities with exception approval.

Show historical rule violations

(of a rule)

This report groups together all historical rule violations for the selected rule. All identities are listed that violate the rule as well as the time period covering the rule violation.

Rule violations overview

(of a rule group)

This report groups together all rule violations for the selected rule group. All rule violations are listed. The number of granted, denied, and not yet processed rule violations are given in addition.

Rule violations overview

(of a compliance framework)

This report groups together all rule violations for the selected compliance framework. All rule violations are listed. The number of granted, denied, and not yet processed rule violations are given in addition.

Detailed list of rule violations

(of a compliance framework)

This report groups together all rule violations for the selected compliance framework. All rule violations are listed. For each rule, the identity that violated the rule, the date and the reason for the approval decision are given.

Related topics

Overview of all assignments

The Overview of all assignments report is displayed for some objects, such as authorizations, compliance rules, or roles. The report finds all the roles, for example, departments, cost centers, locations, business roles, and IT Shop structures in which there are identities who own the selected base object. In this case, direct as well as indirect base object assignments are included.

Example:
  • If the report is created for a resource, all roles are determined in which there are identities with this resource.

  • If the report is created for a group or another system entitlement, all roles are determined in which there are identities with this group or system entitlement.

  • If the report is created for a compliance rule, all roles are determined in which there are identities who violate this compliance rule.

  • If the report is created for a department, all roles are determined in which identities of the selected department are also members.

  • If the report is created for a business role, all roles are determined in which identities of the selected business role are also members.

To display detailed information about assignments

  • To display the report, select the base object from the navigation or the result list and select the Overview of all assignments report.

  • Click the Used by button in the report toolbar to select the role class for which you want to determine whether roles exist that contain identities with the selected base object.

    All the roles of the selected role class are shown. The color coding of elements identifies the role in which there are identities with the selected base object. The meaning of the report control elements is explained in a separate legend. To access the legend, click the icon in the report's toolbar.

  • Double-click a control to show all child roles belonging to the selected role.

  • By clicking the button in a role's control, you display all identities in the role with the base object.

  • Use the small arrow next to to start a wizard that allows you to bookmark this list of identities for tracking. This creates a new business role to which the identities are assigned.

Figure 9: Toolbar of the Overview of all assignments report.

Table 27: Meaning of icons in the report toolbar

Icon

Meaning

Show the legend with the meaning of the report control elements

Saves the current report view as a graphic.

Selects the role class used to generate the report.

Displays all roles or only the affected roles.

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级