The Identity Audit feature detects Segregation of Duties (SoD) violations. An SoD violation, also called an identity audit policy violation, occurs when a user has been assigned privileges that should not be held individually or in combination.
Identity audit (IDA) enables the creation of rules and policies that detect potentially dangerous combinations of privileges held by users or roles that can lead to access violations, and it determines policy violations and their causes.
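The detection described above, as an added Python example that is not from Oracle's documentation or product code: each rule lists privileges that must not be held together (a one-privilege rule covers the "individually" case), and each finding records which role or direct grant caused it. The rule shape, privilege names and sample users are constructed assumptions.

```python
# Added illustration: a minimal SoD evaluator. Rule shape, names and data are
# assumptions, not Oracle Identity Manager's rule format or API.
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    privileges: frozenset  # violation when ALL of these are held together

def effective_privileges(user, role_privs):
    """Map each privilege the user holds to the sources that grant it."""
    held = {}
    for priv in user.get("direct", ()):
        held.setdefault(priv, []).append("direct grant")
    for role in user.get("roles", ()):
        for priv in role_privs.get(role, ()):
            held.setdefault(priv, []).append(f"role:{role}")
    return held

def scan(users, role_privs, rules):
    """Return one finding per (user, rule) violated, with its causes."""
    findings = []
    for uid, user in sorted(users.items()):
        held = effective_privileges(user, role_privs)
        for rule in rules:
            if rule.privileges.issubset(held):
                causes = {p: sorted(held[p]) for p in sorted(rule.privileges)}
                findings.append({"user": uid, "rule": rule.name, "causes": causes})
    return findings

# Constructed sample data.
ROLE_PRIVS = {
    "AP Clerk": {"create_vendor", "enter_invoice"},
    "AP Approver": {"approve_payment"},
    "DBA": {"db_admin"},
}
RULES = [
    Rule("vendor-and-payment", frozenset({"create_vendor", "approve_payment"})),
    Rule("no-standing-db-admin", frozenset({"db_admin"})),  # single privilege
]
USERS = {
    "alice": {"roles": ["AP Clerk", "AP Approver"]},
    "bob": {"roles": ["AP Clerk"], "direct": ["approve_payment"]},
    "carol": {"roles": ["AP Clerk"]},
    "dave": {"roles": ["DBA"]},
}

if __name__ == "__main__":
    for finding in scan(USERS, ROLE_PRIVS, RULES):
        print(finding)
```

Tracking the source of each privilege is what lets the finding for `bob` show that the conflict comes from a direct grant layered on a role, which is the kind of cause a reviewer needs in order to remediate.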
This feature can be enabled or disabled by setting the value of the Identity Audit system property to true or false respectively. See "System Properties" in Administering Oracle Identity Manager for information about this system property. Also, in an upgraded deployment of Oracle Identity Manager, you must manually set the value of the Workflows policies enabled system property in order to use the identity audit and role lifecycle management features.
This chapter describes the IDA feature in the following topics: