An audit can be considered as a project with a start date and end date. We might want to audit or certify multiple items using an audit. For example, in a Q1 audit you might want to certify, an external partner, identify as well as a member of certain high-risk management roles. These items are specified in one or more recertification policies. As a project might have multiple deliverables an audit can have multiple recertification policies associated with it. We can create recertification policies of different types in the EmpowerID system, and these policies are reusable.
Recertification policies are policies that you add to audits to generate recertification review tasks for the access assignments given to people, roles, groups, and Query-Based collections. Management role access assignment The management role access assignment recertification process validates whether the access granted to a management role is still required for a valid business purpose. Certain actions must be made if access is no longer required. In other words, the management role of access recertification policy is to certify the whether access granted should exist or not.
For the recertification, a recertification policy is created, a recertification audit is created, the recertification policy is added to the management role, including any RBAC assignment. In this post, we will create a management role access assignment recertification policy and add a target to itthe audit, then the audit is compiled, which generates business requests that are sent for approval.
The engine bundles the recertification items into business requests based on the object itself. Therefore in this case the management role is the bundle for the business request and the access already granted are items.
Pre-requisite for recertification policies, audit compilation and fulfilment of business requests.
...