How Preventative Identity Policies Work

The following sample process illustrates how preventative identity policies work:
  1. An identity policy administrator creates a preventative identity policy that prohibits users who have the title Senior Accountant from being in the IT department.
    When defining this identity policy, the administrator specifies that Identity Manager should reject any changes that violate this policy.
  2. An HR administrator uses the Create User task to create a user profile for a new Senior Accountant. The HR administrator correctly selects the user's title, but accidentally selects the IT department.
  3. The HR administrator completes the remaining fields in the Create User task and clicks Submit.
  4. Identity Manager detects that the task involves changes that are defined in an identity policy and evaluates the changes for violations.
  5. Identity Manager detects the violation, displays a message to the HR administrator, and prevents the task from submitting.
    Identity Manager also records the message in the audit database.
  6. The HR administrator views the details of the violation in the message and changes the user's department to Finance. Then, the administrator resubmits the task.
  7. Identity Manager evaluates the proposed changes against all applicable identity policies, and then allows the Create User task to submit.
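
The flow in steps 1 through 7, modeled as a small pre-commit evaluator. This is an added example, not Identity Manager code or its API: the class names, the `watched` attribute set, the in-memory directory and audit list, and the user ID `jdoe` are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable

@dataclass(frozen=True)
class PreventativePolicy:          # hypothetical model, not a product class
    name: str
    watched: frozenset             # evaluate only when a task changes one of these
    violates: Callable[[dict], bool]  # True when the proposed profile breaks the rule
    message: str

@dataclass
class TaskEngine:                  # hypothetical stand-in for task submission
    policies: list
    directory: dict = field(default_factory=dict)  # committed user profiles
    audit_log: list = field(default_factory=list)  # stands in for the audit database

    def submit(self, task: str, user_id: str, changes: dict) -> list:
        """Evaluate the proposed state before commit; return violation messages."""
        proposed = {**self.directory.get(user_id, {}), **changes}
        hits = [p for p in self.policies
                if p.watched.intersection(changes) and p.violates(proposed)]
        for p in hits:
            self.audit_log.append({"task": task, "user": user_id,
                                   "policy": p.name, "message": p.message})
        if hits:
            return [p.message for p in hits]  # rejected: nothing is written
        self.directory[user_id] = proposed    # no violation: the task submits
        return []

# Constructed policy matching step 1 of the scenario.
SOD_POLICY = PreventativePolicy(
    name="No Senior Accountant in IT",
    watched=frozenset({"title", "department"}),
    violates=lambda u: (u.get("title") == "Senior Accountant"
                        and u.get("department") == "IT"),
    message="Users with the title Senior Accountant cannot be in the IT department.",
)

def run_scenario():
    engine = TaskEngine(policies=[SOD_POLICY])
    base = {"title": "Senior Accountant"}
    first = engine.submit("Create User", "jdoe", {**base, "department": "IT"})
    second = engine.submit("Create User", "jdoe", {**base, "department": "Finance"})
    return engine, first, second

if __name__ == "__main__":
    engine, first, second = run_scenario()
    print("first attempt:", first)
    print("second attempt:", second or "submitted")
    print("audit:", engine.audit_log)
```

Because the check runs against the merged proposed profile rather than only the changed fields, a later task that changes just the department of an existing Senior Accountant is evaluated the same way.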