Revoking policy exemptions

An administrator or policy owner can revoke separation of duty policy exemptions for each rule in the policy.

When you revoke an exemption, that exemption is removed from the exemption list. The user to which the exemption applies might continue to have roles that are in violation of a separation of duty policy rule. In that case, the violation is displayed again the list of violations for that policy.

  1. From the navigation tree, select Manage Policies > Manage Separation of Duty Policies. The Manage Separation of Duty Policies page is displayed.

  2. On the Manage Separation of Duty Policies page, complete these steps:

    1. Enter information about the policy in the Search information field.

    2. In the Search by field, specify whether to do the search against policy names or descriptions, business units, or role names, and then click Search. A list of policies that match the search criteria is displayed.

    3. In the Separation of Duty Policies table, click the link provided in the Exemptions column of the policy that to view. The link is displayed only if there are one or more exemptions for the separation of duty policy.The Violations and Exemptions Summary page is displayed.

  3. On the Violations and Exemptions Summary page, complete these steps:
    1. Select the order in which to sort the rules, and then click Sort. We can sort alphabetically by rule name, or sort by the number of violations or exemptions.

    2. Click the icon (Twisty) next to each rule that to view. The Exemptions table is displayed, providing information about exemptions for the rule that you specified.

    3. In the Exemptions table, select the check box next to one or more exemptions that to revoke, and then click Revoke. Selecting the check box at the top of this column selects all exemptions. The Revoke Exemptions page is displayed.

  4. On the Revoke Exemptions page:

    1. In the Exemption Summary, ensure that the policies and rules are correct.

    2. In the Notes field, type a reason for revoking the exemption, and then click Revoke. The Notes field is for auditing purposes and is not displayed in the administrative console after an exemption is revoked.


Results

A Success page is displayed, indicating that you successfully revoked the exemptions for the specified policy and rule.

We can revoke additional exemptions or approve violations.

We can use a custom audit data report to provide justification for revoking exemptions.

When we are done viewing violations and exemptions, click Close.

Parent topic: Separation of duty policies