...
- Access for Active People (Logged in Last 90 Days) — For certifying the EmpowerID access assignments for all people who logged in during the last 90 days.
- All Access Assignments for Shared Folders flagged as Audit — For certifying shared folder access.
- Certify Access Assignments for Resource Mailboxes — For certifying access to resource mailboxes.
- Direct Reports Recertification - All People Logged in Last 90 Days — For managers to recertify any direct reports who have logged in within the last 90 days.
- Mailbox Permissions — For certifying mailbox permissions.
- Management Role Access — For certifying the access granted to Management Roles.
- Person Access Summary for People Logged in Last 90 Days — For certifying the access of all people who have logged in within the last 90 days.
- Person Direct Entitlements — For managers to certify or revoke the access of their direct reports.
- SharePoint Group Access Assignments — All EmpowerID access assignments for SharePoint groups.
To create a Recertification Policy
- Log in to the EmpowerID Web application as an auditor or other person with the ability to configure audits.
- In the navigation sidebar, expand Compliance Management and click Audit Configuration.
- On the Actions tab, click Create Recertification Policy.
- In the Policy Details form that appears, drop down the Policy Type and select from the following options to create a snapshot of the policy type's data:
  - Assignee Granted Security — Access Level Assignments and Management Role assignments granted to an assignee as an actor
  - Direct Reports — who reports to whom
  - Exchange Mailbox Permissions — who currently has what type of access to a given Exchange mailbox
  - Folder Permissions — who currently has what type of access to a given Windows folder
  - Group Membership — who currently has membership in a given group
  - Management Role Membership — current assignees of a Management Role
  - Person Access Summary — all access assignments currently granted to a Person, including:
    - All RBAC assignments, including direct, relative, and by-location assignments
    - Business Role and Location assignments
    - Any group memberships, including those on their accounts and those granted through RBAC
    - Any Management Role memberships
    - Account and group ownership
    - Any native permissions, such as NTFS permissions for shared folders and Exchange mailbox permissions or ACLs
  - Person Direct Entitlements — current access granted to people (also creates recertification tasks for the managers of each person targeted by the policy)
  - Resource Granted Security — who currently has access to any given resource object for which the policy is created
- This example selects Person Direct Entitlements.
- Fill in the Name, Display Name and Description fields.
- Select Enabled to enable the policy.
- Click Save.
...