Evaluating separation of duty policies

An administrator can evaluate a separation of duty policy without doing a data synchronization. By running the evaluation, you can view current policy violation and exemption information. The evaluation process searches for violations to the policies that we specify.

Violations are kept current as user role membership is modified. There are some cases where a change in the system might require a re-evaluation of separation of duty policy violations for one or more specific policies. These situations include:

• Create or changing a separation of duty policy
• Change a role hierarchy
• Running an identity feed with evaluations disabled

In these cases, run a separation of duty policy violation evaluation on one or more policies. We can do the evaluation in one of these ways:

• By running a full report data synchronization, which finds violations for all policies
• By running evaluations on individual policies

When you disable a policy and then do another evaluation on the disabled policy, new violation warnings or exemption approval to-do activities are generated.

1. From the navigation tree, select Manage Policies > Manage Separation of Duty Policies. The Manage Separation of Duty Policies page is displayed.

2. On the Manage Separation of Duty Policies page, complete these steps:

   1. Enter information about the policy in the Search information field.

   2. In the Search by field, specify whether to do the search against policy names or descriptions, business units, or role names, and then click Search. A list of policies that match the search criteria is displayed.

   3. In the Separation of Duty Policies table, select the check box next to the policy that to evaluate, and then click Evaluate. Selecting the check box at the top of this column selects all policies. A confirmation page is displayed.

   4. On the Confirm page, click Evaluate to run the evaluation, or click Cancel.

Results

A Success page is displayed, indicating that you successfully submitted a request to do an evaluation on a separation of duty policy.

After the evaluation is complete, the violation count for the policy is updated.

We can continue working with separation of duty policies, view the request, or click Close.

Parent topic: Separation of duty policies