Plan carefully before creating an audit policy! Before you begin, verify that you have completed these tasks:
Identify the rules you will use to create the policy in the Audit Policy Wizard. The rules you choose are determined by the type of policy you are creating and the specific limitations you want to define. See To Identify the Rules You Need in the next section for more information.
Import any remediation workflow or rule that you want to include in the new policy. See (Optional) Import Separation of Duty Rules into Identity Manager for more information.
Ensure that you have the required capabilities to create audit policies. See the required capabilities in Understanding and Managing Capabilities in Chapter 6, Administration.
The constraints you specify in the policy are implemented in a set of rules that you create or import. When using the Audit Policy Wizard to create a rule, perform the following steps:
Identify the specific resource you are working with.
Select an account attribute from the list of attributes that are valid for the resource.
Select a condition to impose on the attribute.
Enter a value for comparison.
For information on creating audit policy rules outside of the Audit Policy Wizard, see Chapter 5, Working with Rules, in Sun Identity Manager Deployment Reference.
The Audit Policy Wizard cannot create Separation of Duty rules. You must construct these rules outside of Identity Manager and import the rules by using the Import Exchange File option on the Configure tab.
To use a remediation workflow that is not currently available from Identity Manager, import the external workflow. You can create custom workflows using an XML editor or the Identity Manager IDE.
Set authType='AuditorAdminTask' and add subtype='SUBTYPE_REMEDIATION_WORKFLOW'. You can use the Identity Manager IDE or your XML editor of choice to set these configuration objects.
Import the workflow by using the Import Exchange File option.
Log in to the Administrator interface (see Logging in to the Identity Manager End-User Interface).
Click the Configure tab, then click the Import Exchange File subtab or menu.
The Import Exchange File page opens.
Browse to the workflow file to upload, then click Import.
After you have successfully imported the workflow, it appears in the Remediation Workflow list of options in the Audit Policy Wizard (see Creating an Audit Policy).
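A workflow that is missing either attribute value will not be tagged as a remediation workflow, so it is worth checking the file before you import it. The following script is an added example, not part of the product or its documentation. It reports every object in an exchange file whose authType or subtype differs from the values given above. The element names (Waveset, TaskDefinition), the workflow names, and the sample file contents are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Attribute values required by the import procedure above.
REQUIRED = {
    "authType": "AuditorAdminTask",
    "subtype": "SUBTYPE_REMEDIATION_WORKFLOW",
}

# Constructed sample. Element names and workflow names are assumptions,
# not copied from a real Identity Manager exchange file.
SAMPLE = """<Waveset>
  <TaskDefinition name='Remediate Orphan Account' authType='AuditorAdminTask'
                  subtype='SUBTYPE_REMEDIATION_WORKFLOW'/>
  <TaskDefinition name='Notify Manager' authType='AuditorAdminTask'/>
  <TaskDefinition name='Disable Account' authType='AdminTask'
                  subtype='SUBTYPE_REMEDIATION_WORKFLOW'/>
</Waveset>"""


def check_workflows(xml_text):
    """Return {object name: [problems]} for each element that carries
    an authType or subtype attribute. An empty list means the object
    has both required values."""
    root = ET.fromstring(xml_text)
    report = {}
    for elem in root.iter():
        # Skip elements that carry neither attribute (containers, steps).
        if not (set(REQUIRED) & set(elem.attrib)):
            continue
        problems = []
        for attr, want in REQUIRED.items():
            got = elem.get(attr)
            if got is None:
                problems.append(f"missing {attr}")
            elif got != want:
                problems.append(f"{attr}={got!r}, expected {want!r}")
        report[elem.get("name", elem.tag)] = problems
    return report


if __name__ == "__main__":
    for name, problems in check_workflows(SAMPLE).items():
        print(f"{name}: {'OK' if not problems else '; '.join(problems)}")
```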