Sun Identity Manager 8.1 Business Administrator's Guide

Access Review Scans

To initiate a periodic access review, you must first define at least one access scan.

The access scan defines who will be scanned, which resources will be included in the scan, any optional audit policies to be evaluated during the scan, and rules to determine which entitlement records will be manually attested, and by whom.

Access Review Workflow Process

In general, the Identity Manager access review workflow:

See Access Review Remediation for a description of the remediation capabilities.

Required Administrator Capabilities

To conduct a periodic access review and manage the review processes, a user must have the Auditor Periodic Access Review Administrator capability. A user with Auditor Access Scan Administrator capability can create and manage access scans.

To assign these capabilities, edit the user account and modify the security attributes. For more information about these and other capabilities, see Understanding and Managing Capabilities in Chapter 6, Administration.