How Preventative Identity Policies Work
The following sample process illustrates how preventative identity policies work:
- An identity policy administrator creates a preventative identity policy that prohibits users who have the title Senior Accountant from being in the IT department. When defining this identity policy, the administrator specifies that Identity Manager should reject any changes that violate this policy.
- An HR administrator uses the Create User task to create a user profile for a new Senior Accountant. The HR administrator correctly selects the user's title, but accidentally selects the IT department.
- The HR administrator completes the remaining fields in the Create User task and clicks Submit.
- Identity Manager detects that the task involves changes that are defined in an identity policy and evaluates the changes for violations.
- Identity Manager detects the violation, displays a message to the HR administrator, and prevents the task from submitting. Identity Manager also records the message in the audit database.
- The HR administrator views the details of the violation in the message and changes the user's department to Finance. Then, the administrator resubmits the task.
- Identity Manager evaluates the proposed changes against all applicable identity policies, and then allows the Create User task to submit.
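
The following Python model of the process above is an added example, not Identity Manager code or its API. The class names, the `jdoe` user, and the final modify step (a later department change checked against the stored title) are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

@dataclass
class PreventativePolicy:  # hypothetical type, not a product class
    name: str
    attributes: Tuple[str, ...]  # attributes the policy is defined on
    violates: Callable[[Dict[str, str]], bool]

@dataclass
class Directory:  # hypothetical stand-in for the user store plus audit database
    policies: List[PreventativePolicy]
    users: Dict[str, Dict[str, str]] = field(default_factory=dict)
    audit: List[str] = field(default_factory=list)

    def submit(self, user_id, changes):
        """Store the changes only if no preventative policy is violated."""
        # Evaluate the profile as it would look after the task, not just the delta.
        proposed = {**self.users.get(user_id, {}), **changes}
        messages = []
        for policy in self.policies:
            # Only policies defined on a changed attribute are in scope.
            if not set(policy.attributes) & set(changes):
                continue
            if policy.violates(proposed):
                messages.append(f"{user_id}: violates policy '{policy.name}'")
        if messages:
            self.audit.extend(messages)  # record the violation messages
            return False, messages       # reject: nothing is stored
        self.users[user_id] = proposed
        return True, []

# Constructed policy mirroring the scenario above.
NO_ACCOUNTANTS_IN_IT = PreventativePolicy(
    name="Senior Accountant not in IT",
    attributes=("title", "department"),
    violates=lambda u: u.get("title") == "Senior Accountant"
    and u.get("department") == "IT",
)

def run_scenario():
    d = Directory(policies=[NO_ACCOUNTANTS_IN_IT])
    first = d.submit("jdoe", {"title": "Senior Accountant", "department": "IT"})
    second = d.submit("jdoe", {"title": "Senior Accountant", "department": "Finance"})
    # A later single-attribute change is still checked against the full profile.
    third = d.submit("jdoe", {"department": "IT"})
    return d, first, second, third
```

The rejected submissions leave the stored profile untouched and each adds one entry to the audit list, which is the behavior to verify when testing a preventative policy.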