Identity Manager allows you to define three levels of remediator escalation. Remediation requests are initially sent to Level 1 remediators. If a Level 1 remediator does not act on a remediation request before the timeout period expires, Identity Manager escalates the violation to the Level 2 remediators and begins a new timeout period. If a Level 2 remediator does not respond before the timeout period expires, then the request is escalated once again to the Level 3 remediator.
To perform remediation, you must designate at least one remediator for your enterprise. Specifying more than one remediator for each level is optional, but recommended. Multiple remediators help ensure workflow is not delayed or halted.
These authorization options are for work items of authType RemediationWorkItem.
The remediation work item owner
A direct or indirect manager of the remediation work item owner
An administrator who controls an organization in which the remediation work item owner belongs
By default, the behavior for authorization checks is one of the following:
Owner is the user attempting the action
Owner is in an organization controlled by the user attempting the action
Owner is a subordinate of the user attempting the action
The second and third checks are independently configurable by modifying these options:
controlOrg. Valid values are true or false.
subordinate. Valid values are true or false.
lastLevel. The last subordinate level to include in the result; -1 means all levels. The integer value for lastLevel defaults to -1, meaning direct and indirect subordinates.
These options can be added or modified in the following:
UserForm: Remediation List