Create a Preventative Identity Policy

Before you create a preventative identity policy, you create an identity policy set, which logically groups a set of identity policies.
cim1265
Before you create a preventative identity policy, you create an identity policy set, which logically groups a set of identity policies.
 
To create a preventative identity policy set
 
  1. Open Policies, Create Identity Policy Set in the User Console.
    Create a new identity policy set or use an existing identity policy set as a template.
  2.  Create a policy set member rule on the Policies tab.
  3. Create a preventative identity policy as follows:
    1. Click Add.
    2. Enter a name for the identity policy.
      Note:
       The Apply Once and Compliance settings do not apply to preventative identity policies.
    3. Identify the users to which the policy applies in the Policy Condition section.
      Note
      : The role owner filter and the LDAP query filter are not supported for preventative identity policies.
    4. In the Action on Apply Policy field, define the actions that 
      Identity Manager
       takes when 
      Identity Manager
       detects a policy violation:
      •  
        Accept 
        Identity Manager
         displays a message in View Submitted Tasks that describes the violation, but allows the task to be submitted.
      •  
        Reject
        Identity Manager
         displays a message in the User Console and prohibits the task from submitting.
      •  
        Warning
        Identity Manager
         displays a message in the User Console and in View Submitted Tasks. This action can optionally trigger a workflow process
      When you select one of these actions, 
      Identity Manager
       displays a text box where you can specify the message that appears when a violation occurs. 
    5. Specify the message in the text box.
      Note:
       If you are localizing the User Console, you can specify a resource key instead of text in the message field. See the 
      User Console Design Guide
       for more information about resource keys.
    6. Add additional actions if necessary and click OK.
Before you use the identity policy set that you created, make sure that identity policies are enabled in the Management Console. See the 
Configuration Guide
 for more information.