

How Preventative Identity Policies Work

The following sample process illustrates how preventative identity policies work:

  1. An identity policy administrator creates a preventative identity policy that prohibits users who have the title Senior Accountant from being in the IT department.

    When defining this identity policy, the administrator specifies that CA Identity Manager should reject any changes that violate this policy.

  2. An HR administrator uses the Create User task to create a user profile for a new Senior Accountant. The HR administrator correctly selects the user's title, but accidentally selects the IT department.
  3. The HR administrator completes the remaining fields in the Create User task and clicks Submit.
  4. CA Identity Manager detects that the task involves changes that are defined in an identity policy and evaluates the changes for violations.
  5. CA Identity Manager detects the violation, displays a message to the HR administrator, and prevents the task from submitting.

    CA Identity Manager also records the message in the audit database.

  6. The HR administrator views the details of the violation in the message and changes the user's department to Finance. Then, the administrator resubmits the task.
  7. CA Identity Manager evaluates the proposed changes against all applicable identity policies, and then allows the Create User task to submit.
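The evaluate-before-commit flow in the steps above can be modeled in a few lines. This is an added illustration, not CA Identity Manager code or its API: the class names, the `submit` function, the user ID `jdoe`, and the third (modification) case are assumptions made for the sketch, which also assumes that a change is checked against the profile as it would look after the change is applied.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class PreventativePolicy:
    name: str
    forbidden: tuple  # (attribute, value) pairs that must not all hold at once

    def attributes(self):
        return {attr for attr, _ in self.forbidden}

    def violated_by(self, profile):
        return all(profile.get(attr) == value for attr, value in self.forbidden)

@dataclass
class IdentityStore:  # hypothetical stand-in for the user store plus audit database
    policies: list
    users: dict = field(default_factory=dict)
    audit: list = field(default_factory=list)

    def submit(self, task, user_id, changes):
        """Return (accepted, violated policy names); commit only when clean."""
        # Evaluate the profile as it would exist after the change, not the delta.
        proposed = {**self.users.get(user_id, {}), **changes}
        # Step 4: only policies that reference a changed attribute are evaluated.
        applicable = [p for p in self.policies if p.attributes() & set(changes)]
        violated = [p.name for p in applicable if p.violated_by(proposed)]
        if violated:
            # Step 5: reject the task, leave the store untouched, record the event.
            self.audit.append({"task": task, "user": user_id, "violations": violated})
            return False, violated
        self.users[user_id] = proposed  # Step 7: no violation, task submits
        return True, []

def run_sample():
    policy = PreventativePolicy(
        "No Senior Accountant in IT",
        (("title", "Senior Accountant"), ("department", "IT")))
    store = IdentityStore([policy])
    results = [
        store.submit("Create User", "jdoe", {"title": "Senior Accountant", "department": "IT"}),
        store.submit("Create User", "jdoe", {"title": "Senior Accountant", "department": "Finance"}),
        # Constructed case beyond the walk-through: a later change to one attribute.
        store.submit("Modify User", "jdoe", {"department": "IT"}),
    ]
    return store, results

if __name__ == "__main__":
    store, results = run_sample()
    for accepted, violated in results:
        print("accepted" if accepted else f"rejected: {violated}")
    print("audit entries:", len(store.audit))
```

Because the check runs on the merged profile, the single-attribute change in the third call is rejected even though the change itself never mentions the title.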