Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Often recertification audits generate a huge amount of data and different types of business requests during the Audit. You mightn’t want to recertify all those types and all the data every time. Adding the scope to a Recertification Policy gives the flexibility to define what data to collect based on various Item Types provided by EmpowerID. E.g., suppose you want to recertify a person’s group membership in High-Security Groups only and not other groups. In that case, you can add an Item Type and choose the Set Group that returns the High-Security Groups.

...

Image Added
Note

Always Add Item Type to the Policy: We now follow inclusive configurations to simplify the recertification policies. Audits will only collect the data based on the Item Types added to the policies. If there is an Audit with a policy with no Item Type, the Audit won’t generate any data or business requests. Previously the policies supported exclusive configuration, which means the scope of data to collect was predefined, and users were allowed only to exclude types and data.

Warning

Item Type Support in Recertification Policies: Not all policy support configuring item types, and the types differ based on the Policy. Please find more information about policy type and supported items below in Supported Item Type.

How to add Item Type Scope

You will be automatically navigated to view one page of the recertification policy with Add Item Type Scope tab once you have created a recertification policy. Please skip step 1 and 2, which provides instructions to open view one page if you already have it open.

  1. Navigate to Compliance Recertification and select the Recertification Policies tab.

  2. To find the Recertification Policy, you can type the name in the search textbox and click on the search button to search.

...

  1. Image Added

  2. Click on the link provided in the Display Name column to open the View One page.

    Image Modified

  3. Scroll to the bottom of the page and locate the Item Type Scope (Data), and click on the ➕ Add button to add a new Item Type.

...

  1. Image Added

  2. Provide the values and click on Save to create the Item Type.

    1. Select the appropriate Item Type. Item types differ based on the kind of Recertification Policy. Please find more information about policy type and supported items below in Supported Item Type.

    2. Select the scope type, which will limit the scope of the item type by All, Direct, Location, or SetGroup. The scope type determines Where/Which Data of the selected Item Type to collect in the Audit.

      Insert excerpt
      IL:Recertification Policies Components
      IL:Recertification Policies Components
      nameRecertificationResourceType
      nopaneltrue

      Image Modified

  3. One recertification policy can have multiple Item Types. Please follow the same procedure to add other Item Types to the recertification policy.

Anchor
SupportedItemType
SupportedItemType
Supported Item Type

The supported item types for the policy types are listed here, along with their description.

Policy Type

Supported Item Type

Description

Business Role And Location Membership

Group Business Role and Location direct member

Add this type to include all groups that are directly assigned to Business Roles and Locations. The scope doesn’t include any groups that inherited the membership from Management Role or OrgZone.

Management Role Business Role and Location direct member

This Item Type includes all Management Roles assigned directly to a Management Role, Business Role, and Location. This Item Type doesn’t include any Management Roles that is inherited.

Person Business Role and Location direct member

Add this type to include persons who were directly assigned to Business Roles and Locations. The scope doesn’t include any member who inherited the membership from Management Role or location.

Set Group Business Role and Location direct member

This Item Type includes all Set Group assigned directly to the Business Role and Location.

Direct Reports

Direct Reports

Add this type to include all direct reports.

Group Membership

Account Group direct member

This Item Type includes all accounts that were directly assigned to a Group.

Business Role and Location Group direct member

Add this type to include Business role and Location that were directly assigned to a Group.

Group direct member

This Item Type Includes all Groups that were assigned to another group directly.

Management Role Definition Group direct member

Add this type to include all Management Role Definition that were directly assigned to a Group

Management Role Group direct member

Add this type to include all Management Role that were directly assigned to the Group.

Person Group direct member

Add this type to include all Person that were directly assigned to the Group.

Set Group Group direct member

This Item Type includes all Set Group that were directly assigned to the Group.

Group Owner

Account Group native owner

Add this type to include all accounts that were directly assigned as Group Native Owner.

Management Role Access Assignment

Management Role Access Assignment

This Item Type Includes all the current members of a management role, including people, group, and business role and location.

Management Role Membership

Business Role and Location Management Role direct member

Add this type to include all Business Roles and Locations that were directly assigned to a Managment Role.

Group Management Role direct member

This Item Type Includes all Groups directly assigned to the Management Role.

Person Management Role direct member

Add this type to include all Person directly assigned to the Management Role.

Set Group Management Role direct member

This Item Type includes all Set Group directly assigned to the Management Role.

Person Access Summary

Direct Business Role Location

Add this type to include all person directly assigned to the Business Role or Location.

Group Membership

Add this type to include all person directly added to any Group.

Group Ownership

Add this type to include all person directly added as a Group Owner.

Management Role Membership

Add this type to include all person directly added to a Management Role.

Person Account Ownership

Add this type to include all person who were directly assigned account.

Person Direct RBAC Delegation

Add this type to include person who were granted direct RBAC delegation.

Person Location RBAC Delegation

Add this type to include person who were granted direct Location RBAC delegation.

Person Relative RBAC Delegation

Add this type to include person who were granted Relative RBAC delegation.

Next Steps

Create Recertification Audit

Insert excerpt
IL:External Stylesheet
IL:External Stylesheet
nopaneltrue

Div
stylefloat:left; position:fixed;
idarticleNav

IN THIS ARTICLE

Table of Contents
maxLevel4
minLevel2
stylenone
printablefalse