Create a Preventative Identity Policy

Before you create a preventative identity policy, you create an identity policy set, which logically groups a set of identity policies.
To create a preventative identity policy set
  1. Open Policies, Create Identity Policy Set in the User Console.
    Create a new identity policy set or use an existing identity policy set as a template.
  2. Create a policy set member rule on the Policies tab.
  3. Create a preventative identity policy as follows:
    1. Click Add.
    2. Enter a name for the identity policy.
      Note: The Apply Once and Compliance settings do not apply to preventative identity policies.
    3. Identify the users to which the policy applies in the Policy Condition section.
      Note: The role owner filter and the LDAP query filter are not supported for preventative identity policies.
    4. In the Action on Apply Policy field, define the actions that Identity Manager takes when Identity Manager detects a policy violation:
      • Accept
        Identity Manager displays a message in View Submitted Tasks that describes the violation, but allows the task to be submitted.
      • Reject
        Identity Manager displays a message in the User Console and prevents the task from being submitted.
      • Warning
        Identity Manager displays a message in the User Console and in View Submitted Tasks. This action can optionally trigger a workflow process.
      When you select one of these actions, Identity Manager displays a text box where you can specify the message that appears when a violation occurs.
    5. Specify the message in the text box.
      Note: If you are localizing the User Console, you can specify a resource key instead of text in the message field. See the User Console Design Guide for more information about resource keys.
    6. Add additional actions if necessary and click OK.
Before you use the identity policy set that you created, make sure that identity policies are enabled in the Management Console. See the Configuration Guide for more information.