Sun Identity Manager Deployment Reference

Remediator Rule

During an access review, every User view is passed to the Remediator rule to determine who should get the initial remediation requests. This rule is analogous to the Attestors rule, except the Remediator rule is called when a workitem is created in the remediating state.


Accepts the following arguments:

You must specify the following for a custom Remediator rule:






During access scan, after evaluating all audit policies and before dispatching the user entitlement 


A list of zero or more Identity Manager remediator names or NamedValue pairs.

  • If the result is a string, it is resolved to a Identity Manager user, and if delegation is enabled for the access scan, the user’s delegation data is used.

  • If the result is a NamedValue, it is assumed to be a bound delegation pair [Delegator, Delegatee].

  • If the result is one or more invalid Identity Manager user names, errors indicating a problem are appended to the scan task results, but the scan thread continues.

  • If the result is not a string or NamedValue, an exception occurs and the scan thread aborts.

  • If the results are a zero-length list, the remediation request remains in a pending state because nobody will process it.

Note –

If the rule returns NamedValue pair elements, they are passed on without validation.

Predefined Rules 

Default Remediator 


Compliance > Manage Policies > Access Scan > Remediator Rule