Approving policy violations

An administrator or policy owner can approve separation of duty policy violations for each rule in the policy.

When you approve a violation, an exemption is created for the specified user and the combination of roles that caused the violation. After you approve a policy violation, that violation is removed from the violation list, and a new exemption is displayed in the exemption list.

Having an exemption means that the user is allowed to be a member of the violating roles. Updates to the user's person record do not cause additional violations or warnings unless the user introduces a new violation that is not covered by the exemption.

Updates to the record of a person do not trigger an approval unless the roles of the person are updated and the combination violates a separation of duty policy, assuming that an exemption does not exist for the policy.

  1. From the navigation tree, select Manage Policies > Manage Separation of Duty Policies. The Manage Separation of Duty Policies page is displayed.

  2. On the Manage Separation of Duty Policies page, complete these steps:

    1. Enter information about the policy in the Search information field.

    2. In the Search by field, specify whether to do the search against policy names or descriptions, business units, or role names, and then click Search. A list of policies that match the search criteria is displayed.

    3. In the Separation of Duty Policies table, click the link provided in the Violations column of the policy that to view. The link is displayed only if there are one or more violations for the separation of duty policy.The Violations and Exemptions Summary page is displayed.

  3. On the Violations and Exemptions Summary page, complete these steps:
    1. Select the order in which to sort the rules, and then click Sort. We can sort alphabetically by rule name, or sort by the number of violations or exemptions.

    2. Click the icon (Twisty) next to each rule that to view. The Violations table is displayed, providing information about violations for the rule that you specified.

    3. In the Violations table, select the check box next to one or more violations that to approve, and then click Approve. Selecting the check box at the top of this column selects all violations. The Approve Violations page is displayed.

  4. On the Approve Violations page:

    1. In the Violation Summary, ensure that the policies and rules are correct.

    2. In the Notes field, type a reason for approving the violation, and then click Approve.


Results

A Success page is displayed, indicating that you successfully approved the violations for the specified policy and rule.

We can approve additional violations or revoke exemptions.

When we are done viewing violations and exemptions, click Close.

Parent topic: Separation of duty policies