...
EmpowerID Recertification Policies come in the following types.
Recertification Policy Type | Creates a snapshot of |
---|---|
Account Validity | |
Assignee Granted Security | the Access Level Assignments (Resource Roles) and Management Role assignments to an assignee as an actor. |
Business Role and Location Membership | |
Direct Reports | who reports to whom. |
Exchange Mailbox Permissions | who currently has what type of access to a given Exchange mailbox. |
Folder Permissions | who currently has what type of access to a given Windows folder. |
Group Membership | who currently has membership in a given group. |
Group Owner | |
Group Validity | |
Management Role Access Assignment | current Resource Roles assigned to a Management Role, allowing you to quickly glean the resultant access to resources people have by virtue of their assignment to the Management Role. |
Management Role Membership | current assignees of a Management Role. |
Management Role Validity | current validity of a Management Role. |
Person Access Summary | |
Person Direct Entitlements | |
Person Validity | Person validity; checks that the account should exist, routing the request to the Person owner first and then to the fall-back. |
Resource Granted Security | who currently has access to any given resource object for which the policy is created. |
Each Recertification Policy is scoped to apply only to specific people, roles, or resources using EmpowerID Query-Based Collections (SetGroups). SetGroups are composed of Sets, which are LDAP or code-based queries. The EmpowerID engine re-evaluates these Sets on a scheduled basis, and they can group collections of people or resources based on queries written against the EmpowerID Identity Warehouse or even external systems in a customer's environment.

Using Query-Based Collections for Recertification Policies gives organizations a rich and flexible access review mechanism: they can selectively collect the objects they want to include in a given policy and then schedule that policy to create review tasks in the way that best meets their security requirements. For example, with SetGroups you could create one Recertification Policy that targets only high-security groups and schedule it to run more frequently, and create another Recertification Policy for lower-security groups with a less frequent run schedule.
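A small Python model of the scoping described above, added here as an illustration; it is not EmpowerID code and does not use its API. Each policy's scope is a query re-evaluated at run time, and the high-security policy runs on a shorter interval. The group names, the `tier` attribute, the intervals, and all function names are assumptions, and `unreviewed` lists groups that no policy's query matches.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Callable

# Constructed sample data: group -> attributes and current members.
GROUPS = {
    "Domain Admins":   {"tier": "high", "members": ["alice", "bob"]},
    "Finance-Payroll": {"tier": "high", "members": ["carol"]},
    "Wiki-Editors":    {"tier": "low",  "members": ["dave", "erin"]},
    "Legacy-FTP":      {"tier": None,   "members": ["frank"]},  # never classified
}

@dataclass
class Policy:
    name: str
    in_scope: Callable[[dict], bool]  # hypothetical stand-in for a Set query
    interval_days: int
    last_run: date

def evaluate_scope(policy, groups):
    """Re-run the policy's query and return the groups currently in scope."""
    return sorted(g for g, attrs in groups.items() if policy.in_scope(attrs))

def due_tasks(policies, groups, today):
    """For each policy that is due, snapshot membership of its in-scope groups."""
    tasks = []
    for p in policies:
        if today - p.last_run < timedelta(days=p.interval_days):
            continue  # not due yet
        for g in evaluate_scope(p, groups):
            for member in groups[g]["members"]:
                tasks.append((p.name, g, member))  # one review item per member
    return tasks

def unreviewed(policies, groups):
    """Groups matched by no policy query, so no review task is ever created."""
    covered = {g for p in policies for g in evaluate_scope(p, groups)}
    return sorted(set(groups) - covered)

POLICIES = [
    Policy("High-security groups", lambda a: a["tier"] == "high", 30, date(2024, 1, 1)),
    Policy("Low-security groups", lambda a: a["tier"] == "low", 180, date(2024, 1, 1)),
]

if __name__ == "__main__":
    for task in due_tasks(POLICIES, GROUPS, date(2024, 2, 15)):
        print(task)
    print("Not covered by any policy:", unreviewed(POLICIES, GROUPS))
```

Because scope is computed from the query at run time, a group that gains or loses the `tier` value moves between policies on the next evaluation without the policy itself being edited.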
...