...
- Home
- Managing EmpowerID Policies
- Audit and Separation of Duties Policies
- Current: Reviewing Separation of Duties Violations
...
| Div | ||
|---|---|---|
| ||
Home / Identity Governance / Separation of Duties / Current: Reviewing Separation of Duties Violations |
When a Separation of Duties policy is compiled, EmpowerID creates a review task for each policy violation it finds based on the rules applied to the policy.
For example,
ifyou can have
aan SoD policy with a rule that specifies that a violation
should occur wheneveroccurs when any one person is assigned to both Management Role "A" and Management Role "B" at the same time
, when. When the SoD engine runs, it checks to see if any one person belongs to both of those roles. If the engine finds people with both roles, it creates
aan SoD review task for each violation (one per person). These tasks can then be reviewed and remediated by anyone assigned
thethe Enterprise Compliance Officer Management Role as well as anyone assigned to all of the following Access Levels:
- The Reviewer Access Level for the people violating the policy
- The Reviewer Access Level for the Separation of Duties policy
- The Viewer Access Level for
- the Auditor Compliance Dashboard (if you want the person to have access to the dashboard)
- The Viewer Access Level for the Auditor Compliance Open Violations page of the Auditor Compliance Dashboard and/or the Viewer Access Level for the User Compliance Open Violations page of the User Compliance Dashboard
To review Separation of Duties Violations
- Log in to the EmpowerID Web application as either a person assigned the Enterprise Compliance Officer Management Role or a person with all of the above mentioned Access Levels.
- In the Navigation Sidebar,
- expand Compliance and Reports
- , then For Auditors, and
- click Policy Violations To Do.
From the Open Violations page, search for the SoD Policy with
violations to review and
click the link for the violation
in the SoD Violations grid.
Info The image below
shows what the Navigation Sidebar looks like for someone who has
limited access to the Auditor Compliance Dashboard via the Access Level assignments mentioned above. If the person
is a member of the Enterprise Compliance Officer Management Role,
they see all available pages for the dashboard.
This directs you to the View page for this violation. This page
lets you
view
details of the violation, including the
assignment combinations comprising it
. It also displays a set of decisions
to submit to remediate the violation.
- From the Separation of Duties page, click the Submit Decision link beside the decision that reflects the remediation taken. These decisions include the following:
- Acknowledged - The SoD Violation has been noted, but no corrective action has been taken by the reviewer.
- Corrected - The SoD violation has been corrected.
- Permitted - The SoD violation is unresolved but allowed.
- Policy Changed - The SoD Policy has been changed to allow any exceptions to a previous version of the policy.
- Enter comments for the resolution and click OK.
The SoD Policy Violation Details page updates to show the decision.
| Info | |||||||
|---|---|---|---|---|---|---|---|
|
|
|