...
Recertification Policy Type | Description |
|---|---|
Account validity recertification is a method of determining whether or not accounts are still required. Certain actions must be made if the accounts are no longer required. In other words, account validity recertification policy is to certify whether an account should exist or not. For the recertification, a recertification policy is created, a recertification audit is created, the recertification policy is added to the audit, then audit is compiled, which generates business requests that are sent for approval. In case of account validity recertification, the recertification engine bundles the recertification items into business requests as per the responsible partyassigned. For any item being recertified where its responsible party is null, it bundles them into one business request as per the fall-back assignee. The possible decisions for the business requests are generally set as certify, disable or delete. However, these decisions are configurable. For more details on how to create an account validity recertification policy visit this account validity recertification page. | |
Business The business role and location membership recertification is a method of determining whether or not process validates whether the membership of a business role and location are is still required for a valid business purpose. Certain actions must be made if the membership is no longer required. In other words, business role and location membership recertification policy is to certify whether a membership should exist or not. For the recertification, a recertification policy is created, a recertification audit is created, the recertification policy is added to the audit, then audit is compiled, which generates business requests that are sent for approval. The engine bundles the recertification items into business requests based on the object itself. Therefore in this case the business role and location is the bundle for the business request requests and its members are items. The possible decisions for the business requests are generally set as certify or revoke the memberbusiness role and location membership. However, these decisions are configurable. For more details on how to create a business role and location membership recertification policy visit this business role and location membership page. | |
The group membership recertification process validates whether the membership of a group is still required for a valid business purpose. Certain actions must be made if the membership is no longer required. In other words, group membership recertification policy is used to certify group membership, including Person resource for RBAC membership, group account, nested groups and any of the type of direct assignments. For the recertification, an audit is createdwhether a membership should exist or not. For the recertification, a recertification policy is created, a recertification audit is created, the recertification policy is added to the audit, then audit is compiled, which generates business requests that are sent for approval. The engine bundles the recertification items into business requests based on the object itself. Therefore in this case the group is the bundle for the business request requests and its members are items. The possible decisions are generally configured set as certify or revoke the membergroup membership. However, these decisions are configurable. For more details on how to create a group membership recertification policy visit this group membership recertification page. | |
The group validity recertification policy is to certify whether a group should exist or not in the group. For the recertification, an audit is created, which generates business requests that are sent for approval. The engine bundles the recertification items into business requests as per the responsible party. For any item being recertified where its responsible party is null, it bundles them all into one business request where the subject of the request is the fall-back assignee. The possible decisions are generally configured as certify, disable or delete. However, these decisions are configurable. For more details on how to create an group validity recertification policy visit this page. | |
The management role access assignment recertification policy is to certify the access granted to the management role, including any RBAC assignment. For the recertification, an audit is created, which generates business requests that are sent for approval. The engine bundles the recertification items into business requests based on the object itself. Therefore in this case the management role is the bundle for the business request and its members are items. For more details on how to create a management role access assignment type recertification policy visit this page. | |
The management role membership recertification policy is to certify the current members of a management role, including people, group, and business role and location. For the recertification, an audit is created, which generates business requests that are sent for approval. The engine bundles the recertification items into business requests based on the object itself. Therefore in this case the management role is the bundle for the business request and its members are items. The possible decisions are generally configured as certify or revoke the member. However, these decisions are configurable. For more details on how to create a management role membership recertification policy visit this page. | |
The management role validity recertification policy is to certify the current validity of a management role. For the recertification, an audit is created, which generates business requests that are sent for approval. The engine bundles the recertification items into business requests as per the responsible party. For any item being recertified where its responsible party is null, it bundles them all into one business request where the subject of the request is the fall-back assignee. This recertification determines if the management role should exist, be "disabled,” or deleted. For more details on how to create a management role validity recertification policy visit this page. | |
The person validity recertification policy is used to certify the person should exist or not. For the recertification, an audit is created, which generates business requests that are sent for approval. The engine bundles the recertification items into business requests as per the responsible party. For any item being recertified where its responsible party is null, it bundles them all into one business request where the subject of the request is the fall-back assignee. The possible decisions are generally configured as certify, disable or delete. However, these decisions are configurable. For more details on how to create a person validity recertification policy visit this page. |
...