Edit Advanced Policy Rule Page
Use the Edit Advanced Rule page to define new rules for advanced policies, or to edit existing rules. Advanced rules are used to create custom violation monitoring based on a variety of entitlements, filters, scripts, rules, and populations.
To create or edit a policy, see Working with Policies.
For an overview of developing and using rules in IdentityIQ, see Rules and Scripts in IdentityIQ.
The following information is displayed on the Edit Advanced Rule page:
| Field Name | Description |
| --- | --- |
| Advanced Rule: | |
| Summary | A brief summary of this rule. This information is displayed in the Rules column of the Rules table on the Edit Policy page. |
| Description | A brief description of the rule and its use in your organization. |
| Violation formatting rule | A violation formatting rule adds extra information to a policy violation, like an extra description, or the relevant applications that contain attributes that contributed to the violation. This can be especially useful for advanced policies, for which IdentityIQ cannot always collect all information that may be relevant to the person who has to review the violation. If you want to use a rule to control violation formatting, select a violation rule from the dropdown list. Violation formatting rules are defined when your system is configured. Note: Click the [...] icon to launch the Rule Editor to make changes to your rules if needed. |
| Violation business process | Business processes can be used to define how violation work items are assigned, or how to handle the violation based on decisions made on the work item. If you want to use a business process for the violation, select the business process from the dropdown list. A business process specified here for the entire policy will be overwritten by any business process that is specified as part of a policy rule on the Edit Rule pages. |
| Disabled | Enable or disable the policy. |
| Compensating Control | A description of exceptions or compensating factors that apply to this rule. For example, certain policies or rules might not apply to users at the executive level in your organization. This field is for documentation purposes only. Information entered here does not impact risk scoring associated with this rule or the reporting of policy violations. |
| Corrective Advice | Text entered in this field is displayed if a violation of this policy appears on a certification request and is selected for revocation. Use this field to enter information that can be used by a certifier to make the correct revocation decision. |
| Selection Method: For more information and examples for using Match Lists, Filters, Scripts, Rules, and Populations, see the IdentitySelectors in the IdentityIQ User Interface technical white paper on Compass. | |
| Match List | A list of entitlements that define a policy violation. |
| Filter | A custom filter (XML database query) used to define a rule for this policy. |
| Script | A custom script used to define a rule for this policy. |
| Rule | The rule selected from the rules list. |
| Population | A population of users. Populations are based on saved queries from the Advanced Analytics feature. |
| Run or View Simulation | Use the simulation option to simulate the policy rule before you make it active in your production environment. Before testing the rule, make sure the names of rules are unique in a policy. When you run a simulation for all the enabled rules in a policy, the state of the policy is changed to inactive. To activate the policy, you must change the state to Active and save the changes to the policy. |