Common editing tasks on audit policies include:
Adding or deleting rules
Changing the targeted resources
Adjusting the list of organizations that have access to the policy
Changing the escalation timeout associated with each level of remediation
Changing the remediation workflow associated with the policy
Click a policy name in the Audit Policy name column to open the Edit Audit Policy page. This page categorizes audit policy information in these areas:
Identification and Rules area
Remediators and Escalation timeout area
Workflow and Organizations area
Identification and Rules area
Use this area of the page to:
Edit the policy description
Add or delete a rule
You cannot use this product to directly edit an existing rule. Use the Identity Manager IDE or an XML editor to edit the rule, and then import it into Waveset. You can then remove the previous version, and add the newly revised version.
Edit the audit policy description by selecting the text in the Description field and then entering new text.
Optionally select or deselect the Restrict target resources or Allow violation re-scans options.
To delete a rule from the policy, click the Select button that precedes the rule name, and then click Remove.
Click Add to append a new row in which you can select a rule to add.
In the Rule Name column, select another rule from the selection list.
Figure 14–8 shows a portion of the Remediators area, where you assign Level 1, Level 2, and Level 3 remediators for a policy.
Use this area of the page to:
Remove or assign remediators to a policy
Adjust escalation timeouts
Select a remediator for one or more remediation levels by entering a user ID and then clicking Add. To search for a user ID, click ... (More). You must select at least one remediator.
To remove a remediator, select a user ID in the list, and then click Remove.
To adjust an escalation timeout, select the existing timeout value and then enter the new value. By default, no timeout value is set.
If you specify an escalation timeout value for the highest-level remediator selected, then the work item is removed from the list when the escalation times out.
Figure 14–9 shows the area in which you specify the remediation workflow and organizations for an audit policy.
Use this area of the page to:
Change the remediation workflow that is launched when a policy violation occurs
Select a remediation user form rule
Adjust the organizations that have access to this policy
To change the workflow assigned to a policy, select an alternative workflow from the list. By default, no workflow is assigned to an audit policy.
If no workflow is assigned to the audit policy, the violations it detects are not assigned to any remediators.
Select a remediation workflow from the list, and then click Save.
Optionally select a rule that calculates the user form to apply when a user is edited through remediation.
Adjust the organizations to which this audit policy will be available, and then click Save.
Waveset provides these sample policies, accessible from the Audit Policies list:
IDM Role Comparison Policy
IDM Account Accumulation Policy
IDM Role Comparison Policy
This sample policy allows you to compare a user’s current access to the access specified by Waveset roles. The policy ensures that all resource attributes specified by roles are set for the user.
This policy fails if:
The user is missing any resource attributes specified by roles
The user’s resource attributes differ from those specified by roles
IDM Account Accumulation Policy
This sample policy verifies that all accounts held by the user are referenced by at least one role also held by that user.
This policy fails if the user has accounts on any resources that are not explicitly referenced by a role assigned to the user.
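The two sample policies above express the same idea from opposite directions: the Role Comparison policy checks that every attribute a role promises is actually present on the user's accounts, and the Account Accumulation policy checks that every account the user holds is justified by some assigned role. The following is an added example, written for this page and not Waveset's own rule code (Waveset rules are imported as XML and are not shown here); the role definitions, users and resource names are constructed sample data, and the Python functions model the pass/fail logic the text describes so you can see which users each policy would flag.

```python
"""Illustrative model of the two Waveset sample audit policies.

Added example: not Waveset's rule code. Roles, users, resources and
attribute values below are constructed for illustration only.
"""
from dataclasses import dataclass, field

# Constructed sample role definitions: role -> resource -> attribute -> expected value.
ROLES = {
    "Finance Analyst": {
        "LDAP": {"department": "finance"},
        "ERP": {"profile": "analyst"},
    },
    "Payroll Admin": {
        "ERP": {"profile": "payroll-admin"},
    },
}


@dataclass
class User:
    """A user as the policies see them: assigned roles plus current account data."""
    name: str
    roles: list = field(default_factory=list)
    # resource -> attribute -> current value on that account
    accounts: dict = field(default_factory=dict)


def role_comparison_policy(user, roles=ROLES):
    """Model of the IDM Role Comparison Policy.

    Returns a list of violation strings; an empty list means the policy passes.
    The policy fails if the user is missing any resource attribute specified by an
    assigned role, or if the attribute's current value differs from the role's value.
    """
    violations = []
    for role_name in user.roles:
        for resource, attrs in roles.get(role_name, {}).items():
            account = user.accounts.get(resource)
            for attr, expected in attrs.items():
                if account is None or attr not in account:
                    violations.append(
                        f"{resource}.{attr} missing (required by role {role_name})"
                    )
                elif account[attr] != expected:
                    violations.append(
                        f"{resource}.{attr} is {account[attr]!r}, "
                        f"role {role_name} specifies {expected!r}"
                    )
    return violations


def account_accumulation_policy(user, roles=ROLES):
    """Model of the IDM Account Accumulation Policy.

    Fails if the user holds an account on any resource that is not referenced by
    at least one of the user's assigned roles.
    """
    referenced = set()
    for role_name in user.roles:
        referenced.update(roles.get(role_name, {}).keys())
    return [
        f"account on {resource} not referenced by any assigned role"
        for resource in sorted(user.accounts)
        if resource not in referenced
    ]


def evaluate(user):
    """Run both sample policies; a policy with an empty list passed."""
    return {
        "IDM Role Comparison Policy": role_comparison_policy(user),
        "IDM Account Accumulation Policy": account_accumulation_policy(user),
    }


# Constructed sample users covering the pass case and each failure mode.
SAMPLE_USERS = {
    # Fully matches the Finance Analyst role: both policies pass.
    "alice": User("alice", ["Finance Analyst"],
                  {"LDAP": {"department": "finance"}, "ERP": {"profile": "analyst"}}),
    # Attribute drift on LDAP plus an unjustified VPN account: both policies fail.
    "bob": User("bob", ["Finance Analyst"],
                {"LDAP": {"department": "sales"}, "ERP": {"profile": "analyst"},
                 "VPN": {"enabled": True}}),
    # Holds the right account but the role-specified attribute is missing.
    "carol": User("carol", ["Payroll Admin"], {"ERP": {}}),
}

if __name__ == "__main__":
    for name, user in SAMPLE_USERS.items():
        for policy, violations in evaluate(user).items():
            status = "PASS" if not violations else "FAIL"
            print(f"{name}: {policy}: {status}")
            for v in violations:
                print(f"    {v}")
```

Running the script lists a PASS/FAIL line per user and policy. Note that the two checks are independent: bob fails both, while carol fails only Role Comparison because her ERP account is referenced by her role even though it lacks the attribute the role requires.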