Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Recertification Policy Type

Description

Account Validity

Account validity recertification is a method of determining whether or not accounts are still required. Certain actions must be made if the accounts are no longer required. In other words, an account validity recertification policy to certify whether an account should exist or not.

In the account validity recertification process, a responsible person (manager, responsible party, or other designated person) checks the user's account and decides whether this account should continue to exist.

For the recertification, a recertification policy is created, a recertification audit is created, and the recertification policy is added to the audit. The audit is compiled, which generates business requests that are sent for approval.

In the case of account validity recertification, the recertification engine bundles the recertification items into business requests as per the responsible partyassigned. For any item being recertified where its responsible party is null, it bundles them into one business request as per the fall-back assignee.

The possible decisions for the business requests are generally set as certify, disable or delete. However, these decisions are configucreatingre details on how to create an account validity recertification policy, visit the account validity recertification page.

Business Role and Location Membership

The business role and location membership recertification process validates whether the membership of a business role and location is still required for a valid business purpose. Certain actions must be made if membership is no longer required. In other words, the business role and location membership recertification policy is to certify whether membership should exist.

For the recertification, a recertification policy is created, a recertification audit is created, and the recertification policy is added to the audit. The audit is compiled, which generates business requests that are sent for approval.

The engine bundles the recertification items into business requests based on the object itself. Therefore, in this case, the business role and location are the bundles for the business requests, and its members are items.

The possible decisions for the business requests are generally set to certify or revoke the business role and location membership. However, these decisions are configurable. If you would like more details on creating a business role and location membership recertification policy, visit the business role and location membership page.

Direct Reports

The Direct Reports recertification process validates if the managers and their direct reports are still required for a valid business purpose. Certain actions must be made if the direct report is no longer required or changed. In other words, the direct reports recertification policy is to certify whether a direct report for a particular manager should exist.

To complete creating a recertification policy, add Targets to define who or what to recertify and add Item Type Scope to limit which data/access to recertify. For the recertification, a recertification policy is created, a recertification audit is created, and the recertification policy is added to the audit. The audit is compiled, which generates business requests that are sent for approval.

Group Membership

The group membership recertification process validates whether the membership of a group is still required for a valid business purpose. Certain actions must be made if membership is no longer required. In other words, the group membership recertification policy is to certify whether membership should exist or not.

For the recertification, a recertification policy is created, a recertification audit is created, and the recertification policy is added to the audit. The audit is compiled, which generates business requests that are sent for approval.

The engine bundles the recertification items into business requests based on the object itself. Therefore, in this case, the group is the bundle for the business requests, and its members are items.

The possible decisions are generally set to certify or revoke the group membership. However, these decisions are configurable. For more details on how to create a group membership recertification policy, visit the group membership recertification page.

Group Owner

The Group Owner membership recertification process validates whether an account as a group owner is still required for a valid business purpose. Certain actions must be made if the account should no longer own the group. In other words, the Group Owner recertification policy is to certify whether an account should own a group.

To complete creating a recertification policy, add Targets to define who or what to recertify and add Item Type Scope to limit which data/access to recertify. For the recertification, a recertification policy is created, a recertification audit is created, and the recertification policy is added to the audit. The audit is compiled, which generates business requests that are sent for approval.

Group Validity

Group validity recertification is a method of determining whether or not groups are still required. Certain actions must be made if the groups are no longer required. In other words, the group validity recertification policy certifies whether a group should exist.

In the group validity recertification process, a responsible person (group owner, responsible party, or other designated person) checks the group and decides whether this group should continue to exist.

For the recertification, a recertification policy is created, a recertification audit is created, and the recertification policy is added to the audit. The audit is compiled, which generates business requests that are sent for approval.

In the case of group validity recertification, the recertification engine bundles the recertification items into business requests as per the responsible party assigned. For any item being recertified where its responsible party is null, it bundles them into one business request as per the fall-back assignee.

The possible decisions are generally set to certify, disable or delete. However, these decisions are configurable. For more details on how to create a group validity recertification policy, visit the group validity recertification page.

 

Management Role Access Assignment

The management role access assignment recertification process validates whether the access granted to a management role is still required for a valid business purpose. Certain actions must be made if access is no longer required. In other words, the management role access recertification policy is to certify whether an access grant should exist.

For the recertification, a recertification policy is created, a recertification audit is created, and the recertification policy is added to the audit. The audit is compiled, which generates business requests that are sent for approval.

The engine bundles the recertification items into business requests based on the object itself. Therefore, in this case, the management role is the bundle for the business request, and the access already granted is items.

If you want more details on creating a management role access assignment type recertification policy, you can visit the management role access assignment page.

Management Role Membership

The management role membership recertification process validates whether the membership of a management role is still required for a valid business purpose. Certain actions must be made if membership is no longer required. In other words, the management role membership recertification policy is to certify whether membership should exist.

For the recertification, a recertification policy is created, a recertification audit is created, and the recertification policy is added to the audit. The audit is compiled, which generates business requests that are sent for approval.

The engine bundles the recertification items into business requests based on the object itself. Therefore, in this case, the management role is the bundle for the business requests, and its members are items.

The possible decisions are generally set to certify or revoke the management role membership. However, these decisions are configurable.

For more details on creating a management role membership recertification policy, visit the management role membership page.

Management Role Validity

The management role validity recertification is a method of determining whether or not management roles are still required. Certain actions must be made if the management roles are no longer required. In other words, the management role validity recertification policy certifies whether a management role should exist.

In the management role validity recertification process, a responsible person (owner, responsible party, or other designated person) checks the management role and decides whether this management role should continue to exist or not.

For the recertification, a recertification policy is created, a recertification audit is created, and the recertification policy is added to the audit. The audit is compiled, which generates business requests that are sent for approval.

In the case of management role validity recertification, the recertification engine bundles the recertification items into business requests according to the responsible party assigned. For any item being recertified where its responsible party is null, it bundles them into one business request as per the fall-back assignee.

The possible decisions for the business requests are generally set as certify, disable or delete. However, these decisions are configurable.

For more details on how to create a management role validity recertification policy, visit the management role validity recertification page.

Person Access Summary

The person access summary policy validates the person with all types of access assignments currently granted to a Person. Simply, this policy is to certify if a person should have the access that the person currently possesses.

The person access summary recertifies

  • All RBAC assignments, including direct, relative, and by-location assignments

  • Direct Business Role and Location assignments

  • Any group memberships, including those on their accounts and those granted through RBAC

  • Any Management Role memberships

  • Account and group ownership

To complete creating a recertification policy, add Targets to define who or what to recertify and add Item Type Scope to limit which data/access to recertify. For the recertification, a recertification policy is created, a recertification audit is created, and the recertification policy is added to the audit. The audit is compiled, which generates business requests that are sent for approval.

Person Validity

The person validity recertification is a method of determining whether or not the person is still required. Certain actions must be made if the persons are no longer required. In other words, the person validity recertification policy is to certify whether a person should exist or not.

In the person validity recertification process, a responsible person (manager, responsible party, or other designated person) checks the person and decides whether this person should continue to exist.

For the recertification, a recertification policy is created, a recertification audit is created, the recertification policy is added to the audit, then the audit is compiled, which generates business requests that are sent for approval.

In case of person validity recertification, the recertification engine bundles the recertification items into business requests as per the responsible party assigned. For any item being recertified where its responsible party is null, it bundles them into one business request as per the fall-back assignee.

The possible decisions for the business requests are generally set as certify, disable or delete. However, these decisions are configurable.

If you would like more details on creating a person validity recertification policy, you can visit the person validity recertification page.

...