Page Comparison

• Access for Active People (Logged in Last 90 Days)

• — For certifying the EmpowerID access assignments for all people who logged in during the last 90 days.
• All Access Assignments for Shared Folders flagged as Audit

•  — For certifying shared folder access.
• Certify Access Assignments for Resource Mailboxes

•  — For certifying access to resource mailboxes.
• Direct Reports Recertification - All People Logged in Last 90 Days

•  — For managers to recertify any direct reports who have logged in within the last 90 days.
• Mailbox Permissions

•  — For certifying mailbox permissions.
• Management Role Access

•  — For certifying the access granted to Management Roles
• Person Access Summary for People Logged in Last 90 Days

•  — For certifying the access of all people who have logged in within the last 90 days.
• Person Direct Entitlements

•  — For managers to certify or revoke the access of their direct reports.
• SharePoint Group Access Assignments — All EmpowerID access assignments for SharePoint groups.

To create a Recertification Policy

1. Log in to the EmpowerID Web application as an auditor or other person with the ability to configure audits.

2. In the Navigation Sidebar,

1. expand Compliance Management and click Audit Configuration.

2. On the Actions tab, click Create Recertification Policy.

Image Removed

1. 
   
   Image Added
2. In the Policy Details form that appears,

1. click the Policy Type drop-down and select the appropriate policy type

1. . 
   
   Image Added
   • Assignee Granted Security — Access Level Assignments and Management Role assignments granted to an assignee as an actor

1. • Direct Reports

1. •  — who reports to whom

1. • Exchange Mailbox Permissions

1. •  — who currently has what type of access to a given Exchange mailbox

1. • Folder Permissions

1. •  — who currently has what type of access to a given Windows folder

1. • Group Membership

1. •  — who currently has membership in a given group

1. • Management Role Membership — current assignees of a Management Role
   • Person Access Summary

1. •  — all access assignments currently granted to a Person,

1. • including:
     • All RBAC assignments, including direct, relative, and by-location assignments
     • Business Role and Location assignments
     • Any group memberships, including those on their accounts and those granted through RBAC
     • Any Management Role memberships
     • Account and group ownership
     • Any native permissions, such as NTFS permissions for shared folders and Exchange mailbox permissions

1. • • or ACLs
       
       
   • Person Direct Entitlements

1. •  — current access granted to people

1. • (also creates recertification tasks for the managers of each person targeted by the policy

1. • )
   • Resource Granted Security

1. •  — who currently has access to any given resource object for which the policy is created

1. • 
     
     
2. This example selects Person Direct Entitlements.

2. Fill in the Name, Display Name and Description fields.

2. Select Enabled to enable the policy.
3. Click Save.

Image Removed

1.  
   
   Image Added