Add Item Type Scope (Data) to Recertification Policy

Adding an Item Type Scope to the Recertification Policy enables users to configure what data should be collected for recertification. Often recertification audits generate a huge amount of data and different types of business requests during the Audit. With Item Scope, users can tailor the recertification process to their specific needs and only collect relevant data for their organization. This can streamline the recertification process and reduce the amount of data that needs to be collected and reviewed. The feature also enables organizations to focus on specific access types that are more critical or sensitive and recertify them more frequently than others.

Target vs. Scope

You add Target(s) to configure who/what to recertify. In contrast, Item Type Scope determines which data/access to recertify. You can add multiple targets to a recertification policy, such as two groups and a management role, and then use the Item Type Scope to recertify only a specific subset of those targets, such as people who are direct members of a group and are also resultant members of a Set Group called High Security People. This would result in recertifying only the people in the Set Group, not the other members of the added groups.

A Recertification Policy can have multiple scope types and objects of the same scope type.

 

Always Add Item Type to the Policy: We now follow inclusive configurations to simplify the recertification policies. Audits will only collect the data based on the Item Types added to the policies. If there is an Audit with a policy with no Item Type, the Audit won’t generate any data or business requests. Previously the policies supported exclusive configuration, which means the scope of data to collect was predefined, and users were allowed only to exclude types and data.
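The following added example is a simplified Python model of the Target vs. Scope distinction and the inclusive rule described above; it is not the product's code or API. The sample assignments, the names, and the ItemTypeScope class are constructed for illustration, and only the All and SetGroup scope types are modelled.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample data: (member, member type, target, how it was assigned).
ASSIGNMENTS = [
    ("alice",   "Person",  "Group:Finance",           "direct"),
    ("bob",     "Person",  "Group:Finance",           "direct"),
    ("carol",   "Person",  "Group:Finance",           "inherited"),
    ("svc-fin", "Account", "Group:Finance",           "direct"),
    ("dave",    "Person",  "Group:Payroll",           "direct"),
    ("alice",   "Person",  "ManagementRole:Approver", "direct"),
]
SET_GROUPS = {"High Security People": {"alice", "dave"}}  # constructed

@dataclass(frozen=True)
class ItemTypeScope:            # hypothetical model of one Item Type Scope row
    member_type: str            # "Person" in "Person Group direct member"
    target_kind: str            # "Group" in "Person Group direct member"
    scope_type: str = "All"     # only All and SetGroup are modelled here
    set_group: Optional[str] = None

def collect(targets, scopes):
    """Rows an audit collects. Inclusive: with no scopes, nothing is collected."""
    rows = set()
    for member, mtype, target, how in ASSIGNMENTS:
        if target not in targets or how != "direct":
            continue  # targets decide who/what; "direct member" types skip inherited
        for s in scopes:
            if s.scope_type not in ("All", "SetGroup"):
                raise ValueError(f"scope type not modelled: {s.scope_type}")
            if mtype != s.member_type or not target.startswith(s.target_kind + ":"):
                continue
            if s.scope_type == "SetGroup" and member not in SET_GROUPS[s.set_group]:
                continue
            rows.add((member, target))
    return sorted(rows)

def policies_collecting_nothing(policies):
    """Names of policies that have targets but no Item Type, so audits stay empty."""
    return [n for n, (targets, scopes) in policies.items() if targets and not scopes]

TARGETS = {"Group:Finance", "Group:Payroll", "ManagementRole:Approver"}
PERSON_IN_GROUP = ItemTypeScope("Person", "Group")
HIGH_SEC = ItemTypeScope("Person", "Group", "SetGroup", "High Security People")

if __name__ == "__main__":
    print(collect(TARGETS, [PERSON_IN_GROUP]))  # all direct person members
    print(collect(TARGETS, [HIGH_SEC]))         # narrowed to the Set Group
    print(collect(TARGETS, []))                 # no Item Type: empty audit
```

The last function is the check worth running over exported policy definitions: a policy with targets but no Item Type produces an audit with no data and no business requests, so the access it was meant to cover is never reviewed.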

Item Type Support in Recertification Policies: Not all policies support configuring item types, and the supported types differ based on the policy. More information about policy types and supported items is given below in Supported Item Type.

How to add Item Type Scope

Once you have created a recertification policy, you are automatically taken to the policy's View One page, which has the Add Item Type Scope tab. If you already have the View One page open, skip steps 1, 2, and 3, which explain how to open it.

  1. Navigate to Compliance → Recertification and select the Recertification Policies tab.

  2. To find the Recertification Policy, you can type the name in the search textbox and click on the search button to search.

     

  3. Click on the link provided in the Display Name column to open the View One page.

     

  4. Scroll to the bottom of the page and locate the Item Type Scope (Data), and click on the Add button to add a new Item Type.

     

  5. Provide the values and click on Save to create the Item Type.

    1. Select the appropriate Item Type. Item types differ based on the kind of Recertification Policy. Please find more information about policy type and supported items below in Supported Item Type.

    2. Select the scope type, which will limit the scope of the item type by All, Direct, Location, or SetGroup. The scope type determines Where/Which Data of the selected Item Type to collect in the Audit.




       

  6. One recertification policy can have multiple Item Types. Please follow the same procedure to add other Item Types to the recertification policy. You will be able to see the target listed in the grid after you save.


     

Supported Item Type

The supported item types for the policy types are listed here, along with their description.

| Policy Type | Supported Item Type | Description |
| --- | --- | --- |
| Business Role And Location Membership | Group Business Role and Location direct member | Add this type to include all groups directly assigned to Business Roles and Locations. The scope doesn’t include any groups that inherited the membership from Management Role or OrgZone. |
| Business Role And Location Membership | Management Role Business Role and Location direct member | This Item Type includes all Management Roles assigned directly to a Management Role, Business Role, and Location. This Item Type doesn’t include any Management Roles that are inherited. |
| Business Role And Location Membership | Person Business Role and Location direct member | Add this type to include persons who were directly assigned to Business Roles and Locations. The scope doesn’t include any member who inherited the membership from Management Role or Location. |
| Business Role And Location Membership | Set Group Business Role and Location direct member | This Item Type includes all Set Groups assigned directly to the Business Role and Location. |
| Direct Reports | Direct Reports | Add this type to include all direct reports. |
| Group Membership | Account Group direct member | This Item Type includes all accounts that were directly assigned to a Group. |
| Group Membership | Business Role and Location Group direct member | Add this type to include the Business Role and Location that were directly assigned to a Group. |
| Group Membership | Group direct member | This Item Type includes all Groups that were assigned to another group directly. |
| Group Membership | Management Role Definition Group direct member | Add this type to include all Management Role Definitions directly assigned to a Group. |
| Group Membership | Management Role Group direct member | Add this type to include all Management Roles directly assigned to the Group. |
| Group Membership | Person Group direct member | Add this type to include all People directly assigned to the Group. |
| Group Membership | Set Group Group direct member | This Item Type includes all Set Groups directly assigned to the Group. |
| Group Owner | Account Group native owner | Add this type to include all accounts directly assigned as Group Native Owners. |
| Management Role Access Assignment | Management Role Access Assignment | This Item Type includes all the current members of a management role, including people, Groups, and business roles and Locations. |
| Management Role Membership | Business Role and Location Management Role direct member | Add this type to include all Business Roles and Locations directly assigned to a Management Role. |
| Management Role Membership | Group Management Role direct member | This Item Type includes all Groups directly assigned to the Management Role. |
| Management Role Membership | Person Management Role direct member | Add this type to include all Persons directly assigned to the Management Role. |
| Management Role Membership | Set Group Management Role direct member | This Item Type includes all Set Groups directly assigned to the Management Role. |
| Person Access Summary | Direct Business Role Location | Add this type to include all Persons directly assigned to the Business Role or Location. |
| Person Access Summary | Group Membership | Add this type to include all Persons directly added to any Group. |
| Person Access Summary | Group Ownership | Add this type to include all Persons directly added as a Group Owner. |
| Person Access Summary | Management Role Membership | Add this type to include all Persons directly added to a Management Role. |
| Person Access Summary | Person Account Ownership | Add this type to include all Persons who were directly assigned an account. |
| Person Access Summary | Person Direct RBAC Delegation | Add this type to include Persons who were granted direct RBAC delegation. |
| Person Access Summary | Person Location RBAC Delegation | Add this type to include the Person who was granted direct Location RBAC delegation. |
| Person Access Summary | Person Relative RBAC Delegation | Add this type to include a person who was granted Relative RBAC delegation. |

 

Next Steps

Create Recertification Audit

 
