To request for remediation for a policy violation assigned to you:
Navigate to the Pending Violation page or Inbox, as described in "Viewing Policy Violations".
Click the policy violation to open the Violation details page. This page consists of the following tabs:
Details: This tab has the following sections:
Violation Details: Displays the details of the policy violation, such as the policy attributes, status, detection count, and the details of the user for which the violation is generated.
Access Details: Displays the cause of the violation, the rules within the policy that have been violated, the status and attributes of the violation, and comments, if any. In addition, the Attributes column displays details of the cause of the violation.
You can place your mouse pointer on the information icon in the Rules Violated column to display a popup with details of the violated rule, such as rule name, description, and rule condition.
Action History: This tab displays all actions taken by the remediator of the policy till the current state.
For each item in the Access Details section of the Details tab, you can perform the following actions:
Close as Fixed: This action is to indicate that the cause has been fixed manually, either because it has been taken care of outside the system or the remediator has manually taken action to ensure that this access no longer exists for the user.
To close the policy violation cause by accepting the violation risk:
Select Close as Fixed. Alternatively, click Close on the toolbar, and then select Close as Fixed. The Provide Comments dialog box is displayed.
Enter a comment, and click Submit.
Close as Risk Accepted: This action is to indicate that the access is required by the user for a particular time period, and the user can have the access until that date.
To close the policy violation cause by accepting the violation risk:
From the Actions menu, select Close as Risk Accepted. Alternatively, click Close on the toolbar, and then select Close as Risk Accepted. The Provide Comments dialog box is displayed.
In the Expiration Date field, specify a date after which the violation will be re-opened if it still exists.
In the Comments field, enter a comment, and click Submit.
Request for Remediation: This action is to indicate that you want to revoke the access of the user because it is not required by the user, in order to mitigate the violation.
|
Note: This action is not available for any user attribute that is causing violations, for example user title. |
To request for remediation of the policy violation cause:
From the Actions menu, select Request for Remediation. Alternatively, click Remediate on the toolbar. The Provide Comments dialog box is displayed.
Enter a comment, and click Submit.
After you have taken actions on some or all or the access details, click Complete on the top-right corner of the screen.
Based on the actions taken and the conditions of the rules, the policy violation will either be closed (if there are no more violations) or re-opened (if some of the actions were left open or the risk accepted date has passed and the user still has the access) during subsequent identity audit scans.