When support for compliance violations is enabled in an CA Identity Manager Environment, CA Identity Manager displays messages that indicate whether the proposed changes violate a compliance policy in CA Identity Governance.
In this example, the company has configured automatic compliance checks when administrators assign provisioning roles to employees.
An employee, Nancy McDonald, is moving from the Finance group to the Sales group. In the User Console, an administrator assigns the Sales Representative provisioning role to Nancy. This role gives role members access to sales applications that generate purchase orders.
Nancy also has the Finance provisioning role, which allows members to approve purchase orders. This role was assigned to Nancy when she first started at the company, but no longer applies in her new job.
The company has a business policy rule, defined in CA Identity Governance, which restricts users from having the Sales Representative and Finance roles at the same time. When the administrator attempts to submit the task that assigns the Sales Representative role to Nancy, an error message is displayed.
The administrator must remove the Finance role before assigning the Sales Representative role to Nancy. Once the violation is removed, the administrator can successfully submit the task.
Copyright © 2015 CA Technologies.
All rights reserved.