JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Oracle Identity Analytics Business Administrator's Guide 11g Release 1
search filter icon
search icon

Document Information


1.  Oracle Identity Analytics Identity Warehouse

2.  Oracle Identity Analytics Importing

3.  Oracle Identity Analytics ETL Process

4.  Oracle Identity Analytics Data Correlation

5.  Oracle Identity Analytics Role Engineering and Management

6.  Oracle Identity Analytics Workflows

7.  Oracle Identity Analytics Identity Certifications

8.  Oracle Identity Analytics Identity Audit

Working With Audit Rules

Impact of Rule Condition Modifications

Impact of Adding / Removing Rules in a Policy

To Create Audit Rules

To Edit / Change the State of an Audit Rule

Working With Audit Policies

To Create Audit Policies

To Edit / Change the State of an Audit Policy

To Preview Audit Policy Scan Results

To Run An Audit Policy

9.  Oracle Identity Analytics Reports

10.  Oracle Identity Analytics Scheduling

11.  Oracle Identity Analytics Configuration

12.  Oracle Identity Analytics Access Control

13.  Audit Event Log and Import-Export Log

Working With Audit Rules

An identity audit rule has a rule condition. If, during an audit policy scan, the rule condition evaluates to true, the rule is triggered.

You can define complex rules with nested conditions on the basis of user information, resource types attributes, role metadata, classification, and business structure metadata.

An audit rule can be assigned one of three states: active, inactive, and decommissioned. Only active rules associated with an identity audit policy can be scanned.

Impact of Rule Condition Modifications

When a rule condition is modified, all policies associated with this rule are impacted. If the modified rule is the cause of any existing open violations in the system, the cause and the associated violation will be impacted by the change in condition.

When users associated with such impacted violation are scanned against the policies associated with the modified rule, the following actions are taken on the violation:

  1. A check is done if the modified condition still causes an exception.

  2. If the rule condition still results in an exception, then the violation cause status is set to "Active." Otherwise, it is set to "Inactive."

  3. The parent violation is updated accordingly.

Impact of Adding / Removing Rules in a Policy

Removing one or more rules from a policy is allowed only if all violations associated with that policy are in the "Closed" state.

So if you intend to remove rules, you must change all unresolved (Open, Closed as Fixed, Closed as Risk Accepted) violations to the "Closed" state.

Adding of new rules to an existing policy is allowed. However, this change can impact some existing unresolved violations. The next time the modified policy is scanned, existing open violations that are impacted by this change are updated and new ones are created if the new rules have caused exceptions.

To Create Audit Rules

  1. Log in to Oracle Identity Analytics.

  2. Choose Identity Audit > Rules.

  3. Click New Rule.

    The New Rule form wizard opens.

  4. Enter a name and description for the rule, and select whether the rule should be Active or Inactive.

  5. Create one or more conditions for the rule.

    Select the Object (either User, Role, Business Unit, or Resource Types objects are provided), the corresponding attribute, the rule condition, and enter the value.

    You can use operators such as And / Or to add more conditions.

    Use the Group and Ungroup buttons to create complex conditions.

  6. Click Save.

    The rule is created and is displayed on the Rule page.

To Edit / Change the State of an Audit Rule

  1. Log in to Oracle Identity Analytics.

  2. Choose Identity Audit > Rules.

    All the rules that have been created are displayed.

  3. Click the rule that you want to edit or to make active/inactive.

    The Edit Rule page opens.

  4. Edit the fields, as required.

  5. Change the state to Active, Inactive, or Decommissioned, as required.

    A decommissioned rule is inactive permanently. This rule cannot be activated again. However, all information about the rule is retained in Oracle Identity Analytics.

  6. Click Save.