Sun Identity Manager 8.1 Business Administrator's Guide

About Remediation

When Identity Manager detects an unresolved (not mitigated) audit policy compliance violation, it creates a remediation request, which must be addressed by a remediator. A remediator is a designated user who is allowed to evaluate and respond to audit policy violations.

Remediator Escalation

Identity Manager allows you to define three levels of remediator escalation. Remediation requests are initially sent to Level 1 remediators. If a Level 1 remediator does not act on a remediation request before the timeout period expires, Identity Manager escalates the violation to the Level 2 remediators and begins a new timeout period. If a Level 2 remediator does not respond before the timeout period expires, then the request is escalated once again to the Level 3 remediator.

To perform remediation, you must designate at least one remediator for your enterprise. Specifying more than one remediator for each level is optional, but recommended. Multiple remediators help ensure workflow is not delayed or halted.
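The escalation rules above, written out as a small model so the timing can be traced. This is an added illustration, not Identity Manager code: the RemediationRequest class, the per-level timeout value in seconds, the remediator names and the rule that only a remediator at the current level may respond are all assumptions made for the example.

```python
"""Model of three-level remediator escalation with per-level timeouts.

Added illustration only, not Identity Manager code. The class, field names,
timeout unit and remediator names are assumptions.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

MAX_LEVEL = 3  # three levels of remediator escalation


@dataclass
class RemediationRequest:
    violation: str                       # e.g. "jdoe / SoD policy / AP-AR rule"
    remediators: Dict[int, List[str]]    # level (1..3) -> remediator names
    timeout: int                         # timeout period per level, in seconds (assumed unit)
    level: int = 1                       # requests start with the Level 1 remediators
    level_started_at: int = 0            # when the current timeout period began
    resolved_by: Optional[str] = None
    history: List[str] = field(default_factory=list)

    def current_remediators(self) -> List[str]:
        return self.remediators.get(self.level, [])

    def check_timeout(self, now: int) -> int:
        """Escalate one level if the current period has expired; return the level."""
        if self.resolved_by is not None:
            return self.level                    # resolved requests never escalate
        if now - self.level_started_at >= self.timeout and self.level < MAX_LEVEL:
            self.level += 1
            self.level_started_at = now          # a new timeout period begins
            self.history.append(f"t={now}: escalated to Level {self.level} "
                                f"({', '.join(self.current_remediators())})")
        return self.level

    def respond(self, remediator: str, now: int) -> bool:
        """Accept a response only from a remediator at the current level (assumption)."""
        if self.resolved_by is not None or remediator not in self.current_remediators():
            return False
        self.resolved_by = remediator
        self.history.append(f"t={now}: resolved by {remediator} at Level {self.level}")
        return True


def simulate() -> RemediationRequest:
    """Constructed scenario: Levels 1 and 2 let the request time out, Level 3 acts."""
    req = RemediationRequest(
        violation="jdoe / SoD policy / AP-AR rule",
        remediators={1: ["alice"], 2: ["bob", "carol"], 3: ["dan"]},
        timeout=3600,
    )
    req.check_timeout(1800)    # still inside the Level 1 period
    req.respond("bob", 1800)   # bob is Level 2, not yet current: rejected
    req.check_timeout(3600)    # Level 1 period expired: escalate to Level 2
    req.check_timeout(7200)    # Level 2 period expired: escalate to Level 3
    req.check_timeout(20000)   # there is no Level 4: stays at Level 3
    req.respond("dan", 20500)
    return req


if __name__ == "__main__":
    for line in simulate().history:
        print(line)
```

Running the module prints the escalation history for the constructed scenario. The model makes the point of the recommendation above visible: a level with a single remediator (Level 1 and Level 3 here) is a single point at which the workflow can stall for a full timeout period.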

Remediation Security Access

These authorization options are for work items of authType RemediationWorkItem.

By default, the behavior for authorization checks is one of the following:

The second and third checks are independently configurable by modifying these options:

These options can be added or modified in the following:

UserForm: Remediation List

Remediation Workflow Process

Identity Manager provides the Standard Remediation Workflow, which performs remediation processing for audit policy scans.

The Standard Remediation Workflow generates a remediation request (a review-type work item) containing information about the compliance violation and sends an email notification to each Level 1 remediator named in the audit policy. When a remediator mitigates the violation, the workflow changes the state of, and assigns an expiration to, the existing compliance violation object.

A compliance violation is uniquely identified by the combination of the user, policy name, and rule name. When an audit policy evaluates to true, a new compliance violation is created for each user/policy/rule combination, if an existing violation for this combination does not already exist. If a violation does exist for the combination, and the violation is in a mitigated state, then the workflow process takes no action. If the existing violation is not mitigated, then its recurrent count is incremented.

For more information about remediation workflows, see About Audit Policies.
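The create/ignore/increment decision described above, and the state change plus expiration that a remediator's mitigation applies, as an added worked example (not Identity Manager code). The ComplianceViolation class, the dictionary keyed by (user, policy, rule), an initial recurrent count of 0, and the sample data (the Accounts Payable / Accounts Receivable separation-of-duties rule from the example section, with constructed user names) are assumptions; what happens once a mitigation's expiration lapses is not described here, so the example only records it.

```python
"""Constructed model of compliance-violation creation and recurrence tracking.

Added illustration, not Identity Manager code; the class, the store layout
and the initial recurrent count of 0 are assumptions.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# (user, policy name, rule name) uniquely identifies a violation
Key = Tuple[str, str, str]


@dataclass
class ComplianceViolation:
    user: str
    policy: str
    rule: str
    mitigated: bool = False
    expiration: Optional[int] = None   # assigned when a remediator mitigates
    recurrent_count: int = 0           # assumption: 0 on creation, +1 per later unmitigated detection


def process_scan_result(store: Dict[Key, ComplianceViolation],
                        user: str, policy: str, rule: str, violated: bool) -> str:
    """Apply one audit-policy evaluation for one user and report what was done."""
    if not violated:
        return "no violation"
    key = (user, policy, rule)
    existing = store.get(key)
    if existing is None:
        store[key] = ComplianceViolation(user, policy, rule)
        return "created"                      # a remediation request would be raised here
    if existing.mitigated:
        return "no action (mitigated)"        # workflow takes no action
    existing.recurrent_count += 1
    return "recurrence incremented"


def mitigate(violation: ComplianceViolation, now: int, valid_for: int) -> None:
    """Remediator response: change the state of, and assign an expiration to, the object."""
    violation.mitigated = True
    violation.expiration = now + valid_for


def demo() -> Dict[Key, ComplianceViolation]:
    """Constructed data: a user holding both Accounts Payable and Accounts Receivable."""
    store: Dict[Key, ComplianceViolation] = {}
    policy, rule = "SoD Policy", "no AP and AR"
    process_scan_result(store, "jdoe", policy, rule, True)    # first scan: created
    process_scan_result(store, "jdoe", policy, rule, True)    # second scan: count -> 1
    mitigate(store[("jdoe", policy, rule)], now=1000, valid_for=30 * 86400)
    process_scan_result(store, "jdoe", policy, rule, True)    # mitigated: no action
    process_scan_result(store, "asmith", policy, rule, True)  # other user: new violation
    return store


if __name__ == "__main__":
    for key, v in demo().items():
        print(key, "mitigated" if v.mitigated else "open", "recurrences:", v.recurrent_count)
```

The recurrent count is the signal worth watching operationally: a violation whose count keeps climbing without a mitigation is a remediation request nobody has acted on, which is exactly the case the escalation levels exist for.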

Remediation Responses

By default, three response options are given to each remediator:

Remediation Example

Your enterprise establishes a rule in which a user cannot be responsible for both Accounts Payable and Accounts Receivable, and you receive notice that a user is violating this rule.