Edit SOD Rule Page

A brief summary of this rule. This information is displayed in the Rules column of the Rules table on the Edit Policy page.

A brief description of the rule.

The person responsible for taking action on the policy violations. This can be a specific identity, the manager of the user in violation of the policy, or someone selected according to a rule.

You can also assign owners to each individual rule that makes up the policy. If you assign an owner at the rule level, it overrides the policy-level violation owner.

Note: Click the [...] icon to launch the Rule Editor to make changes to your rules if needed.

If the notification option is enabled, only the owner receives a work item, the observers only receive email notifications.

A violation formatting rule adds extra information to a policy violation, like an extra description, or the relevant applications that contain attributes that contributed to the violation.

If you want to use a rule to control violation formatting, select a violation rule from the dropdown list. Violation formatting rules are defined when your system is configured.

Note: Click the [...] icon to launch the Rule Editor to make changes to your rules if needed.

Business processes can be used to define how violation work items are assigned, or how to handle the violation based on decision made on the work item. If you want to use a business process for the violation, select the business process from the dropdown list.

A business process specified here for the entire policy will be overwritten by any business process that is specified as part of a policy rule on the Edit Rule pages.

Enable or disable the rule

A description of exceptions or compensating factors that apply to this rule. For example, certain policies or rules might not apply to users at the executive level in your organization.

This field is for documentation purposes only. Information entered here does not impact risk scoring associated with this rule or the reporting of policy violations.

See Compensating Controls and Correction Advice.

Text entered in this field is displayed if a violation of this policy appears on a certification request and is selected for revocation. Use this field to enter information that can be used by a certifier to make the correct revocation decision.

See Compensating Controls and Correction Advice.

Role SOD Rules:

The lists of conflicting roles that define this rule. If an identity is assigned ANY of the roles from the Any of these table and ANY of the roles from the conflict with any of these table, they are in violation of this rule and their risk score card reflects that violation.
Each table can contain multiple items, but if a user has even one role in each list it is a violation of the policy.

Entitlement SOD Rule:

The list of conflicting entitlements that define this rule.
Add identity attributes or account attributes and permissions to create lists of conflicting entitlements.
Use the Or / And dropdown list to determine if an identity has to match all of the items in the list or just one to be in violation of this policy.

Effective Entitlement SOD Rule:

The list of conflicting entitlements that define this rule.
Add identity attributes, account attributes and permissions, and target permissions to create lists of conflicting entitlements.
Use the Or / And dropdown list to determine if an identity has to match all of the items in the list or just one to be in violation of this policy.