Sun Identity Manager 8.1 Business Administrator's Guide

Access Review Remediation

Compliance violation remediation and mitigation, and access review remediation, are managed from the Remediations area of the Work Items tab. However, there are differences between the two remediation types. This section describes the unique behavior of access review remediation, and how it differs from the remediation tasks and information described in Compliance Violation Remediation and Mitigation.

About Access Review Remediation

When an attestor requests that a user entitlement be remediated, the Standard Attestation workflow creates a remediation request, which must be addressed by a remediator (a designated user who is allowed to evaluate and respond to remediation requests).

The problem can only be remediated; it cannot be mitigated. Attestation cannot continue until the problem is resolved.

When remediations result from an access review, then the Access Review dashboard tracks all attestors and remediators involved with the review.

Access Review Remediation Request Escalation

Access Review remediation requests are not escalated beyond the initial remediator.

The Remediation Workflow Process

The logic of access review remediation is defined in the Standard Attestation workflow.

When an attestor requests remediation of a user entitlement, the Standard Attestation workflow:

The new remediator can then choose to edit the user, either by using Identity Manager or independently, and then mark the work item as remediated when satisfied. At that point, the user entitlement is rescanned and evaluated again.

Access Review Remediation Responses

By default, three response options are given to the access review remediator:

The Remediations Page

The Type column is shown as UE (user entitlement) for all remediation work items that are access review remediation work items.

Unsupported Access Review Remediation Actions

The prioritization and mitigation features are not supported for access review remediations.