Identity Manager provides these sample policies, accessible from the Audit Policies list:
IDM Role Comparison Policy
IDM Account Accumulation Policy
The IDM Role Comparison Policy is a sample policy that allows you to compare a user’s current access to the access specified by Identity Manager roles. The policy ensures that all resource attributes specified by roles are set for the user.
This policy fails if:
The user is missing any resource attributes specified by roles
The user’s resource attributes differ from those specified by roles
The IDM Account Accumulation Policy is a sample policy that verifies that all accounts held by the user are referenced by at least one role also held by that user.
This policy fails if the user has accounts on any resources that are not explicitly referenced by a role assigned to the user.
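
The failure conditions of both sample policies, sketched as an added Python example. This is not Identity Manager's own policy code, and the dictionary data model along with every role, resource and attribute name in it is constructed for illustration.

```python
# Added illustration, not Identity Manager code. All names below are constructed.
# A role maps each resource it references to the attribute values it specifies.
ROLES = {
    "hr-clerk": {"ldap": {"group": "hr", "shell": "/bin/false"}},
    "db-reader": {"oracle": {"profile": "readonly"}},
}


def role_comparison_violations(user, roles=ROLES):
    """Role Comparison: attributes a role specifies that the user lacks or holds with a different value."""
    violations = []
    for role in user["roles"]:
        for resource, specified in roles[role].items():
            # No account on the resource means every specified attribute is missing.
            actual = user["accounts"].get(resource, {})
            for name, expected in specified.items():
                if name not in actual:
                    violations.append((role, resource, name, "missing"))
                elif actual[name] != expected:
                    violations.append((role, resource, name, "differs"))
    return violations


def account_accumulation_violations(user, roles=ROLES):
    """Account Accumulation: resources where the user holds an account no assigned role references."""
    referenced = set()
    for role in user["roles"]:
        referenced.update(roles[role])  # adds the role's resource names
    return sorted(set(user["accounts"]) - referenced)


def audit(user, roles=ROLES):
    """Run both checks; a policy fails when its violation list is non-empty."""
    return {
        "IDM Role Comparison Policy": role_comparison_violations(user, roles),
        "IDM Account Accumulation Policy": account_accumulation_violations(user, roles),
    }


# Constructed user: changed jobs, lost the db-reader role, kept the oracle account,
# and has an ldap shell that differs from what hr-clerk specifies.
MOVED_USER = {
    "roles": ["hr-clerk"],
    "accounts": {"ldap": {"group": "hr", "shell": "/bin/bash"},
                 "oracle": {"profile": "readonly"}},
}

if __name__ == "__main__":
    for policy, found in audit(MOVED_USER).items():
        print(policy, "FAIL" if found else "PASS", found)
```
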