A preventative identity policy is a type of identity policy that prevents users from receiving privileges that may result in a conflict of interest or fraud. These policies support a company's Segregation of Duties (SOD) requirements.
Preventative identity policies, which execute before a task is submitted, allow an administrator to check for policy violations before assigning privileges or changing profile attributes. If a violation exists, the administrator can clear the violation before submitting the task.
For example, a company can create a preventative identity policy that prohibits users who have the User Manager role from also having the User Approver role. If an administrator uses the Modify User task to give a User Manager the User Approver role, CA Identity Manager displays a message about the violation. The administrator can change the role assignments to clear the violation before submitting the task.
Preventative identity policies can also trigger a workflow process that requires approvals from designated approvers before CA Identity Manager executes the task.
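The pre-submit check described above can be modeled as follows. This is an added illustration, not CA Identity Manager code or its API; the names SodPolicy, evaluate_task and requires_approval are hypothetical, and the sample policy is constructed from the User Manager / User Approver example in the text.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class SodPolicy:
    """Hypothetical policy record: holding ALL listed roles at once is a violation."""
    name: str
    conflicting_roles: frozenset
    requires_approval: bool = False  # True: route to approvers instead of blocking


# Constructed sample policy mirroring the example in the text.
POLICIES = [
    SodPolicy("manager-vs-approver", frozenset({"User Manager", "User Approver"})),
]


def evaluate_task(current_roles, add=(), remove=(), policies=POLICIES):
    """Evaluate a proposed role change BEFORE the task is submitted.

    The check runs against the role set the user WOULD hold after the task,
    so an administrator can clear a violation by dropping the conflicting
    role in the same task. Returns (decision, violated_policy_names) where
    decision is "submit", "needs_approval" or "blocked".
    """
    proposed = (set(current_roles) | set(add)) - set(remove)

    # A policy is violated when the proposed role set contains every
    # role in its conflict set.
    violated = [p for p in policies if p.conflicting_roles <= proposed]

    if not violated:
        return "submit", []
    names = [p.name for p in violated]
    # Only hand off to workflow if every violated policy allows approval;
    # a single blocking policy stops the task.
    if all(p.requires_approval for p in violated):
        return "needs_approval", names
    return "blocked", names


if __name__ == "__main__":
    # Modify User: give a User Manager the User Approver role.
    print(evaluate_task({"User Manager"}, add={"User Approver"}))
    # Administrator clears the violation by removing User Manager in the same task.
    print(evaluate_task({"User Manager"}, add={"User Approver"}, remove={"User Manager"}))
```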
Note: For more information about preventative identity policies, see the Administration Guide.
Copyright © 2011 CA. All rights reserved.