Previous Topic: Example: Allocating Resources and EntitlementsNext Topic: Example: Enforcing Segregation of Duties


Example: Enforcing Compliance

You can configure identity policies to define conditions that must or must not exist, and to take certain actions based on the evaluation of those conditions. For example, you can define a compliance policy that states that managers must have a spending limit of $5,000. If a manager has a spending limit of $10,000, CA Identity Manager can reset the manager’s spending limit, and record a compliance violation for auditing purposes.

To create a compliance policy set for enforcing spending limits, create an identity policy with the following settings:

Setting

Value

Apply Once

Not enabled

Compliance

Enabled

Policy Condition

Any conditions that define compliance or a compliance violation--for example:

title=<some_title> AND Spending Limit > <some spending limit>

Action on Apply Policy

The actions that CA Identity Manager should take when the policy condition applies--for example:

  • Compliance violation message: Spending limit exceeded
  • Set spending limit to <some_value>

The following figure shows the sample compliance policy described in this example.

The screen shows sample compliance policies with the columns Policy Name, Policy Member Rule, and Action on Apply Policy.