11 Managing Pending Violations

Oracle Identity Manager allows you to view the policy violations assigned to you and take action on them.

This chapter describes how to manage the pending violations assigned to you. It contains the following sections:

11.1 Viewing Policy Violations

You can view the policy violations assigned to you from the Inbox or the Pending Violations page of Oracle Identity Self Service.

You can navigate and view the policy violations assigned to you in any one of the following ways:

  1. In Oracle Identity Self Service, click the Self Service tab. Click the icon in the Pending Violations tile.

    Note:

    • When policy violation tasks are generated, the notification icon in the Pending Violations tile displays the number of pending violations. However, you must restart the Oracle Identity Manager server for the notification icon to display the number of pending violation tasks.

    • For certification and identity audit tasks, use the Certifications and Pending Violations tiles respectively. If you are using the Inbox Generic view, then do not use the Actions menu because the actions are not supported for certification and identity audit.

  2. In Oracle Identity Self Service, click the down arrow at the top, and select Inbox. Under Views, click the Pending Violations view.

11.2 Searching Pending Violations

You can search for policy violations if you know the system-generated policy violation name.

To search for pending violations:

  1. Log in to Oracle Identity Self Service.
  2. Click the Self Service tab.
  3. Click the icon in the Pending Violations box. The Pending Violations page is displayed.

    Alternatively, you can open the Inbox and click the Pending Violations view, as described in Viewing Policy Violations.

  4. In the Search field, enter a search criterion, such as the policy violation name.
  5. Click the Search icon. The pending violations that match the search criteria are displayed in a tabular format.

11.3 Completing Policy Violations

You can take corrective action on the policy violations assigned to you based on the cause of the violation, and request remediation.

To request remediation for a policy violation assigned to you:

  1. Navigate to the Pending Violations page or Inbox, as described in Viewing Policy Violations.

  2. Click the policy violation to open the Violation details page. This page consists of the following tabs:

    • Details: This tab has the following sections:

      • Violation Details: Displays the details of the policy violation, such as the policy attributes, status, detection count, and the details of the user for which the violation is generated.

      • Access Details: Displays the cause of the violation, the rules within the policy that have been violated, the status and attributes of the violation, and comments, if any. In addition, the Attributes column displays details of the cause of the violation.

        You can place your mouse pointer on the information icon in the Rules Violated column to display a popup with details of the violated rule, such as rule name, description, and rule condition.

    • Action History: This tab displays all actions taken by the remediator of the policy up to the current state.

  3. For each item in the Access Details section of the Details tab, you can perform the following actions:

    • Close as Fixed: This action indicates that the cause has been fixed manually, either because it has been taken care of outside the system or because the remediator has manually taken action to ensure that this access no longer exists for the user.

      To close the policy violation cause as fixed:

      1. Select Close as Fixed. Alternatively, click Close on the toolbar, and then select Close as Fixed. The Provide Comments dialog box is displayed.

      2. Enter a comment, and click Submit.

    • Close as Risk Accepted: This action indicates that the user requires the access for a particular time period, and the user can have the access until the specified expiration date.

      To close the policy violation cause by accepting the violation risk:

      1. From the Actions menu, select Close as Risk Accepted. Alternatively, click Close on the toolbar, and then select Close as Risk Accepted. The Provide Comments dialog box is displayed.

      2. In the Expiration Date field, specify a date after which the violation will be re-opened if it still exists.

        The default value of the Expiration Date field is 30 days. It can be increased to more than 30 days by setting the value of the Maximum Risk Acceptance period for Policy Violation Causes field. For information about setting the value of this field, see Setting Identity Audit Options.

      3. In the Comments field, enter a comment, and click Submit.

    • Request for Remediation: This action indicates that you want to revoke the user's access, because the user does not require it, in order to mitigate the violation.

      Note:

      This action is not available for any user attribute that is causing violations, for example, the user title.

      To request remediation of the policy violation cause:

      1. From the Actions menu, select Request for Remediation. Alternatively, click Remediate on the toolbar. The Provide Comments dialog box is displayed.

      2. Enter a comment, and click Submit.

  4. After you have taken actions on some or all of the access details, click Complete on the top-right corner of the screen.

    Based on the actions taken and the conditions of the rules, the policy violation will either be closed (if there are no more violations) or re-opened (if some of the actions were left open or the risk accepted date has passed and the user still has the access) during subsequent identity audit scans.

11.4 Reassigning or Delegating Policy Violations

You can reassign or delegate a policy violation task to one or more other users. The ownership of the task is transferred to the user (assignee), and the task is removed from your view.

To reassign or delegate policy violations to other users:

  1. Navigate to the Pending Violations page or Inbox, as described in Viewing Policy Violations.
  2. Search and select the policy violation that you want to reassign or delegate.
  3. From the Actions menu, select Reassign. The Reassign Task dialog box is displayed.
  4. Select any one of the following options:
    • Reassign (transfer task to another user or group): Select this option if you want to move the pending violation task to other users or roles that you specify.

    • Delegate (allow specified user to act on my behalf): Select this option if you want to allow the specified user to take action on the pending violation task on behalf of the logged-in user.

  5. Search for the users (assignees) by specifying a search criterion in the search field.
  6. Select the checkbox for each user that you want to select.

    You can click Select All to select all the users in the search result, or you can click Select None to reset your selection.

  7. Click OK. The pending violation task is reassigned/delegated to the selected users. The task is no longer displayed in the task view of the logged-in user.