When a preventative identity policy applies to a business change, CA performs certain actions to address the violation.
When you specify one of these actions in an identity policy, you specify a message that describes the violation. This message is recorded in the audit database. Depending on the type of action, the message may also be displayed to users in the User Console and recorded in View Submitted Tasks.
You can configure the following actions for a preventative identity policy:
CA Identity Manager displays a message in View Submitted Tasks that describes the violation, but allows the task to be submitted.
CA Identity Manager displays a message in the User Console and prohibits the task from submitting.
CA Identity Manager displays a message in the User Console and in View Submitted Tasks. This action can optionally trigger a workflow process that requires an approval from an appropriate user before CA Identity Manager executes the task.
To trigger a workflow process, you associate the preventative identity policy with a policy-based workflow process in tasks that may cause the violation.
For example, if the violation occurs when a user receives certain roles at the same time, configure the workflow process for all tasks that assign those roles to users.
Note: When you configure the policy-based workflow process for the task, the approval rule must reference the name of the preventative identity policy.
Copyright © 2015 CA Technologies.
All rights reserved.
|
|