Client Tools Guide › Audit Menu › Check Policy Compliance › Manage Business Policy Rules

Manage Business Policy Rules

A Business Policy Rule (BPR) expresses business, provisioning, or security constraints as a logical condition that can be applied to the entities and links in a CA GovernanceMinder configuration. For example:

<Purchasing> forbidden to be <Subcontractor Payments>

You can apply this rule to a CA GovernanceMinder configuration to ensure that workers who have privileges to order stock from subcontractors do not have privileges to authorize payments to those subcontractors.

Typically a BPR is defined by specifying the following information:

• The type of rule—CA GovernanceMinder provides a broad range of rules that let you examine and compare various entity values. The rule type that is used in the previous example is Restrict access of users to roles by role access. This type of rule restricts the roles that a user can have based on other roles they already have.
• The logical condition—in our example, users with certain roles are forbidden from having other roles. You can also use this type of rule to allow or require users with certain roles to have other roles.
• Data sets and limit values—in our example, we specify a set of roles that are related to purchasing functions, and another set of roles that grant payment privileges.

A Business Policy is a set of BPRs. This policy (saved as a BPR file) exists independently of any specific configuration. The rules that comprise the policy can be adapted and applied to any CA GovernanceMinder configuration to verify its logic, integrity, and compliance with policy.