|
|
|
In addition to validating changes while executing a task, such as modifying a user profile or assigning provisioning roles, Identity Manager administrators can also validate changes in approvals. In this case, administrators click a Check Compliance button in an approval task screen to validate if the proposed changes violate compliance policies or patterns in CA RCM.
Note: As with other tasks that support compliance and pattern validations, if a message with a severity of error occurs, administrators cannot submit the approval until the error is resolved.
Support for compliance and pattern violations is available in the following tasks:
When CA Identity Manager is configured to support Accumulated Provisioning Roles, the Add and Remove actions in a task related to a provisioning role are combined into a single event, named the AccumulatedProvisioningRolesEvent. For example, if the Modify User task assigns a user to three provisioning roles and removes that user from two other provisioning roles, an AccumulatedProvisioningRolesEvent is generated, which contains five actions: 3 Add actions and 2 Remove actions.
The Approve Accumulated Provisioning Roles task allows administrators to approve or reject these Add or Remove actions individually. In the previous example, an administrator can approve the Remove actions, and reject the Add actions.
When support for compliance and pattern violations is enabled in the Approve Accumulated Provisioning Roles task, administrators can see the results of approving or rejecting the individual actions before submitting the task.
| Copyright © 2010 CA. All rights reserved. | Email CA Technologies about this topic |