Evaluating separation of duty policies

An administrator can evaluate a separation of duty policy without doing a data synchronization. By running the evaluation, you can view current policy violation and exemption information. The evaluation process searches for violations to the policies that you specify.

Before you begin

Depending on how your system administrator customized your system, you might not have access to this task. To obtain access to this task or to have someone complete it for you, contact your system administrator.

About this task

Violations are kept current as user role membership is modified. There are some cases where a change in the system might require a re-evaluation of separation of duty policy violations for one or more specific policies. These situations include:
  • Creating or changing a separation of duty policy
  • Changing a role hierarchy
  • Running an identity feed with evaluations disabled
In these cases, run a separation of duty policy violation evaluation on one or more policies. You can do the evaluation in one of these ways:
  • By running a full report data synchronization, which finds violations for all policies
  • By running evaluations on individual policies

When you disable a policy and then do another evaluation on the disabled policy, new violation warnings or exemption approval to-do activities are generated.

Procedure

  1. From the navigation tree, select Manage Policies > Manage Separation of Duty Policies.
    The Manage Separation of Duty Policies page is displayed.
  2. On the Manage Separation of Duty Policies page, complete these steps:
    1. Type information about the policy in the Search information field.
    2. In the Search by field, specify whether to do the search against policy names or descriptions, business units, or role names, and then click Search.
      A list of policies that match the search criteria is displayed.
      If the table contains multiple pages, you can:
      • Click the arrow to go to the next page.
      • Type the number of the page that you want to view and click Go.
    3. In the Separation of Duty Policies table, select the check box next to the policy that you want to evaluate, and then click Evaluate. Selecting the check box at the top of this column selects all policies.
      A confirmation page is displayed.
    4. On the Confirm page, click Evaluate to run the evaluation, or click Cancel.

Results

A Success page is displayed, indicating that you successfully submitted a request to do an evaluation on a separation of duty policy.

After the evaluation is complete, the violation count for the policy is updated.

What to do next

You can continue working with separation of duty policies, view your request, or click Close.