Approving policy violations

An administrator or policy owner can approve separation of duty policy violations for each rule in the policy.

Before you begin

Depending on how your system administrator customized your system, you might not have access to this task. To obtain access to this task or to have someone complete it for you, contact your system administrator.

About this task

When you approve a violation, an exemption is created for the specified user and the combination of roles that caused the violation. After you approve a policy violation, that violation is removed from the violation list, and a new exemption is displayed in the exemption list.

Having an exemption means that the user is allowed to be a member of the violating roles. Updates to the user's person record do not cause additional violations or warnings unless the user introduces a new violation that is not covered by the exemption.

Updates to the record of a person do not trigger an approval unless the roles of the person are updated and the combination violates a separation of duty policy, assuming that an exemption does not exist for the policy.

Procedure

  1. From the navigation tree, select Manage Policies > Manage Separation of Duty Policies.
    The Manage Separation of Duty Policies page is displayed.
  2. On the Manage Separation of Duty Policies page, complete these steps:
    1. Type information about the policy in the Search information field.
    2. In the Search by field, specify whether to do the search against policy names or descriptions, business units, or role names, and then click Search.
      A list of policies that match the search criteria is displayed.
      If the table contains multiple pages, you can:
      • Click the arrow to go to the next page.
      • Type the number of the page that you want to view and click Go.
    3. In the Separation of Duty Policies table, click the link provided in the Violations column of the policy that you want to view.
      The link is displayed only if there are one or more violations for the separation of duty policy.
      The Violations and Exemptions Summary page is displayed.
  3. On the Violations and Exemptions Summary page, complete these steps:
    1. Select the order in which you want to sort the rules, and then click Sort.
      You can sort alphabetically by rule name, or sort by the number of violations or exemptions.
    2. Click the icon (Twisty) next to each rule that you want to view.
      The Violations table is displayed, providing information about violations for the rule that you specified.
    3. In the Violations table, select the check box next to one or more violations that you want to approve, and then click Approve. Selecting the check box at the top of this column selects all violations.
      The Approve Violations page is displayed.
  4. On the Approve Violations page, complete these steps:
    1. In the Violation Summary, ensure that the policies and rules are correct.
    2. In the Notes field, type a reason for approving the violation, and then click Approve.

Results

A Success page is displayed, indicating that you successfully approved the violations for the specified policy and rule.

What to do next

You can approve additional violations or revoke exemptions.

When you are done viewing violations and exemptions, click Close.