Defining Audit Policy Rules
One audit policy can contain hundreds of rules that reference a wide range of resources. These rules define potential conflicts on an attribute basis within an audit policy. In Waveset, you can define rules that check only a single attribute on a single resource or that check multiple attributes on multiple resources. During evaluation, the rule has access to user account data from one or more resources.
You can use Waveset's Audit Policy Wizard to create simple rules. If you need to create more powerful rules, you can use the Identity Manager IDE or an XML editor.
When defining rules for an audit policy, remember the following:
-
Rules can contain functions written in the XPRESS, XML Object, or JavaScript languages.
-
Rules must be of subType SUBTYPE_AUDIT_POLICY_RULE.
-
Rules must be of authType AuditPolicyRule.
Note –
Rules generated by the Audit Policy Wizard are automatically assigned the appropriate subType and authType.
Rules created using the Audit Policy Wizard return a true or false value. Any policy rule that returns a truevalue results in a policy violation.
However, if you use the Identity Manager IDE, you can create rules that skip a user during an audit scan or an access review. An audit policy rule that returns a value of ignore stops rule processing for that user and skips to the next target user.
For more information about creating audit policy rules, see Chapter 4, Working with Rules, in Oracle Waveset 8.1.1 Deployment Reference.
- © 2010, Oracle Corporation and/or its affiliates