Skip to content

Creating Rulebooks - NEW

Note

This page contains information for the latest Creating Rulebooks functionality. The former Creating Rulebooks functionality is also still supported. Refer to Creating Rulebooks.

Create a new rulebook from a template or by editing an existing rulebook that was created in the new format.

  1. Go to Risks - NEW > Rulebooks.

  2. Open and update an existing rulebook or new rulebook template.

    a. To download a template and create a new rulebook, select Import, then Download Template.

    b. To update an existing rulebook, select the Download icon in the rulebook’s row.

    • On the Activity History page, locate your export on the Data Exports tab.
    • Select Download in the Actions column.

    c. Update the .xlsx file.

  3. In Access Risk Management, return to Risks – NEW > Rulebooks and select Import.

  4. Use the Select Files button or drag and drop files into the File Selection field.

  5. Select Upload.

    Important

    Importing rulebooks will delete all information in that rulebook that is not present in the upload file. Be sure to download a copy of the existing rulebook if there is information you want to retain.

  6. In the confirmation dialog, select Import.

  7. After a successful import, your new rulebook will be listed on the Risks - NEW > Rulebooks > Multi-System Rulebooks page and available to select when evaluating risks and running reports. See Creating a Risk Analysis - NEW.

Finding Data

You may notice differences between the format of legacy rulebooks and new rulebooks, including:

  • Fewer tabs. The new rulebook has simplified the number of tabs.
  • Manage mitigating controls in the UI. Information previously found on various mitigating controls tabs in the rulebook can be viewed in the Access Risk Management UI and managed at Risks - NEW > Mitigating Controls. See Managing Mitigating Controls – NEW.
  • Rules to business functions mapping. Data previously found in columns on the Rules tab that map rules to business functions has been moved to a separate Risks to Business Functions tab, with a row for each risk.
  • Permission Logic column. This rulebook column determines how Business Functions with more than one Action / TCode Logic Group will be evaluated. AND logic means that all of the Actions/TCode Logic Groups must be present to be considered a risk, whereas OR logic means that any one of the Actions / TCode Logic Groups must be present to be considered a risk.

  • Access Logic column. For SAP, this rulebook column determines how Authorization Objects will be evaluated when there is more than one for a given Action / TCode Logic Group. AND logic means that all of the Authorization Objects must be present to be considered a risk, whereas OR logic means that any one of the Authorization Objects must be present to be considered a risk.

    Note

    If an S_TCODE or an S_SERVICE Authorization Object is specified for an Action / TCode Logic Group, those objects are mandatory and this configuration setting does not impact checks of those special objects.

Documentation Feedback

Feedback is provided as an informational resource only and does not form part of SailPoint’s official product documentation. SailPoint does not warrant or make any guarantees about the feedback (including without limitation as to its accuracy, relevance, or reliability). All feedback is subject to the terms set forth at https://developer.sailpoint.com/discuss/tos.