Sun Identity Manager 8.1 Business Administrator's Guide

Editing an Audit Policy

Common editing tasks on audit policies include:

The Edit Policy Page

Click a policy name in the Audit Policy name column to open the Edit Audit Policy page. This page categorizes audit policy information in these areas:

Use this area of the page to:

Note –

You cannot use this product to directly edit an existing rule. Use the Identity Manager IDE or an XML editor to edit the rule, and then import it into Identity Manager. You can then remove the previous version, and add the newly revised version.

Edit Audit Policy Description

Edit the audit policy description by selecting the text in the Description field and then entering new text.

Edit Options

Optionally select or deselect the Restrict target resources or Allow violation re-scans options.

Delete a Rule from the Policy

To delete a rule from the policy, click the Select button that precedes the rule name, and then click Remove.

Add a Rule to the Policy

Click Add to append a new field that you can use to select a rule to add.

Change a Rule used by the Policy

In the Rule Name column, select another rule from the selection list.

Remediators Area

Figure 14–8 shows a portion of the Remediators area, where you assign Level 1, Level 2, and Level 3 remediators for a policy.

Figure 14–8 Edit Audit Policy Page: Assign Remediators

Figure showing the Assign Remediators area of the Edit Audit Policy page

Use this area of the page to:

Remove or Assign Remediators

Select a remediator for one or more remediation levels by entering a user ID and then clicking Add. To search for a user ID, click ... (More). You must select at least one remediator.

To remove a remediator, select a user ID in the list, and then click Remove.

Adjust Escalation Timeouts

Select the timeout value, then enter the new value. By default, no timeout value is set.

Note –

If you specify an escalation timeout value for the highest-level remediator selected, then the work item is removed from the list when the escalation times out.

Remediation Workflow and Organizations Area

Figure 14–9 shows the area in which you specify the remediation workflow and organizations for an audit policy.

Figure 14–9 Edit Audit Policy Page: Remediation Workflow and Organizations

Figure showing the Remediation Workflow and Organizations area of the Edit Audit Policy page

Use this area of the page to:

Change the Remediation Workflow

To change the workflow assigned to a policy, you can select an alternative workflow from the list of options. By default, no workflow is assigned to an audit policy.

Note –

If no workflow is assigned to the Audit Policy, the violations will not be assigned to any remediators.

Select a remediation workflow from the list, and then click Save.

Select Remediation User Form Rule

Optionally select a rule to calculate the user form applied when editing a user through a remediation.

Assign or Remove Visibility to Organizations

Adjust the organizations to which this audit policy will be available, and then click Save.

Sample Policies

Identity Manager provides these sample policies, accessible from the Audit Policies list:

IDM Role Comparison Policy

This sample policy allows you to compare a user’s current access to the access specified by Identity Manager roles. The policy ensures that all resource attributes specified by roles are set for the user.

This policy fails if:

IDM Account Accumulation Policy

This sample policy verifies that all accounts held by the user are referenced by at least one role also held by that user.

This policy fails if the user has accounts on any resources that are not explicitly referenced by a role assigned to the user.
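
The failure condition of the IDM Account Accumulation Policy can be illustrated outside the product. The following Python sketch is an added example, not Identity Manager code or one of its rules; the role catalog, user names, and function names are constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample data: role name -> resources that the role references.
ROLE_RESOURCES = {
    "Accounts Payable Clerk": {"LDAP", "SAP Finance"},
    "Help Desk": {"LDAP", "Active Directory"},
}

@dataclass
class User:
    name: str
    roles: set = field(default_factory=set)
    accounts: set = field(default_factory=set)  # resources on which the user holds an account

def unreferenced_accounts(user, role_resources):
    """Return resources where the user holds an account that no assigned role references."""
    allowed = set()
    for role in user.roles:
        # A role missing from the catalog references nothing, so it cannot justify an account.
        allowed |= role_resources.get(role, set())
    return user.accounts - allowed

def scan(users, role_resources):
    """Map each failing user to the sorted list of accounts outside their roles."""
    violations = {}
    for user in users:
        extra = unreferenced_accounts(user, role_resources)
        if extra:
            violations[user.name] = sorted(extra)
    return violations

# Constructed sample users.
SAMPLE_USERS = [
    User("jdoe", {"Help Desk"}, {"LDAP", "Active Directory"}),  # every account is covered
    User("asmith", {"Accounts Payable Clerk"},
         {"LDAP", "SAP Finance", "Active Directory"}),           # one account outside the role
    User("contractor1", set(), {"LDAP"}),                        # account but no role at all
    User("newhire", {"Help Desk"}, set()),                       # no accounts, nothing accumulated
]

if __name__ == "__main__":
    for name, resources in scan(SAMPLE_USERS, ROLE_RESOURCES).items():
        print(f"{name}: accounts not referenced by any assigned role: {', '.join(resources)}")
```

A user with no roles fails on every account held, because no role is available to reference those resources.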