Revoking policy exemptions

An administrator or policy owner can revoke separation of duty policy exemptions for each rule in the policy.

Before you begin

Depending on how your system administrator customized your system, you might not have access to this task. To obtain access to this task or to have someone complete it for you, contact your system administrator.

About this task

When you revoke an exemption, that exemption is removed from the exemption list. The user to which the exemption applies might continue to have roles that are in violation of a separation of duty policy rule. In that case, the violation is displayed again the list of violations for that policy.

Procedure

  1. From the navigation tree, select Manage Policies > Manage Separation of Duty Policies.
    The Manage Separation of Duty Policies page is displayed.
  2. On the Manage Separation of Duty Policies page, complete these steps:
    1. Type information about the policy in the Search information field.
    2. In the Search by field, specify whether to do the search against policy names or descriptions, business units, or role names, and then click Search.
      A list of policies that match the search criteria is displayed.
      If the table contains multiple pages, you can:
      • Click the arrow to go to the next page.
      • Type the number of the page that you want to view and click Go.
    3. In the Separation of Duty Policies table, click the link provided in the Exemptions column of the policy that you want to view.
      The link is displayed only if there are one or more exemptions for the separation of duty policy.
      The Violations and Exemptions Summary page is displayed.
  3. On the Violations and Exemptions Summary page, complete these steps:
    1. Select the order in which you want to sort the rules, and then click Sort.
      You can sort alphabetically by rule name, or sort by the number of violations or exemptions.
    2. Click the icon (Twisty) next to each rule that you want to view.
      The Exemptions table is displayed, providing information about exemptions for the rule that you specified.
    3. In the Exemptions table, select the check box next to one or more exemptions that you want to revoke, and then click Revoke. Selecting the check box at the top of this column selects all exemptions.
      The Revoke Exemptions page is displayed.
  4. On the Revoke Exemptions page, complete these steps:
    1. In the Exemption Summary, ensure that the policies and rules are correct.
    2. In the Notes field, type a reason for revoking the exemption, and then click Revoke.
      The Notes field is for auditing purposes and is not displayed in the administrative console after an exemption is revoked.

Results

A Success page is displayed, indicating that you successfully revoked the exemptions for the specified policy and rule.

What to do next

You can revoke additional exemptions or approve violations.

You can use a custom audit data report to provide justification for revoking exemptions.

When you are done viewing violations and exemptions, click Close.