Violation Decisions and Actions

Note: You cannot take action on your own violations.

Depending on how your system is configured the following decision options can be available:

Decision	Description
Allow	Select the Allow icon to open the Allow Violations dialog. When you allow, or mitigate, a violation you are setting a time period in which the identity is allowed to work in violation of the policy without affecting compliance or risk. The date field shows the end date of this period, when the violation will reappear in this list and in certifications. Whether or not you can edit the date field depends on how your system administrator has configured your system's Compliance Manager settings. Add any comments necessary to explain this mitigation decision.
Revoke	Select the Revoke icon to display the detailed view of the violation and make a revocation decision based on the items displayed. You must revoke one complete set of offending roles or the violation remains. The Revocations can be done automatically, if your provisioning provider is configured for automatic revocation, by generating a help ticket, if your implementation is configured to work with a help desk solution, or manually using a work request assigned to a IdentityIQ user. You cannot perform bulk violation revocations, and only Separation of Duties violations can be corrected.
Delegate	This option is available only when the Enable Line Item Delegation option is enabled in your system's Compliance Manager global settings. Select Delegate Violation to display the delegate violation panel. Use the fields to associate a work item with the selected policy violations and assign it to the appropriate user for corrective action. The owner of a policy, or a compliance officer who is tracking violations, may not be the same person who can make the decision as to how to correct the violation. On the delegate violation panel, enter the full name of the person to whom you assigning this work item. Entering the first few letters of a name displays a pop-up menu of IdentityIQ users with names containing that letter string. You can also select a recipient from the Manually Select Recipient dropdown list. Enter a description and comments as needed to assist the recipient.
Bulk Decisions	Select multiple violations and use this option to take bulk actions, such as Allow and Certify.
Certify	The Certify option is under the Bulk Decisions menu. Select items in your list, then click Certify to open the Schedule Certification page, to set up a certification. From this page you can schedule full certifications for the identities appearing on the policy violations list. You can use this option to provide another way to monitor identities that might be at risk within your enterprise.
Comments	If this option is enabled, you can add comments. In some instances, you may be required to add comments.
Details	Select this option to view detailed information.

These are the available options for specific policy types:

Policy Type	Available Policy Violation Options
Account	Allow, Certify
Advanced Entitlement Policy	Allow, Certify, Revoke
Advanced Policy	Allow, Certify
Entitlement Policy	Allow, Certify, Revoke
Activity Policy	Allow, Certify
Risk Policy	Allow, Certify
SOD Policy	Allow, Certify, Revoke

After you have made your decisions, click Save.