Return to What's New in IdentityIQ 7.2
A new Policy Violations user interface is introduced in IdentityIQ 7.2 to make processing violations easier and more intuitive. This new UI separates key policy violation data out to multiple tabs for a cleaner review process, and moves the processing actions to a single, central page, streamlining users' access to their policy violation tasks.
Many of the fundamental ways the Policy Violations UI works are unchanged from or very similar to earlier versions of IdentityIQ. For example, the items listed in the Policy Violations UI are detected violation items, not requested items or alerts that appear as work items. Also, as in earlier releases, the My Work > Policy Items menu option will bring up a list of all the violations you are permitted to view (for example, system administrators and users with the Policy Administrator capability will see all violation items in the entire system), whereas clicking the Policy Violations tile on the home page will bring up a list of only the violation items you are an owner of.
This video gives an overview of the new Policy Violations UI
Allowing (or mitigating) a violation means you are setting a time period in which the identity is allowed to work in violation of the policy, without affecting compliance or risk.
Separation of Duties policy violations are the only policy violations that can be corrected by revoking conflicting entitlements or roles in the Policy Violations UI.
In IdentityIQ 7.1 and earlier you used an option called Correct Violation from the Violation Decision menu on the details page for an individual violation. In IdentityIQ 7.2 the button for this is labelled Revoke and is available for relevant violations on the Open tab of the main Policy Violations page.
To correct a violation by revoking role(s) or entitlements(s):
Only system administrator users can certify based on policy violations. The Certify option is, as of release 7.2., available only as a Bulk Decision.
The ability to delegate a violation must be enabled in the Compliance Manager setup page (as described below) in order for users to be able to delegate policy violations. You can delegate policy violations that are both on the Open tab and on the Complete tab.
Delegated items are always displayed on the Open tab. An item delegated from the Complete tab will move to the Open tab. Delegated items are marked as such on the Open tab.
Note: Delegated items appear in the recipient's Work Items menu (My Work > Work Items), not in the Policy Violations UI.
System administrators can enable or disable the delegation of policy violation items.
You can edit decisions from the Complete tab after a you allow a violation. Click the three-line ("hamburger") menu and choose Edit Decision. Note that revocation decisions can not be edited here; they can only be viewed.
You can also edit a decision on the Open tab after you make the decision, but before you save the decision. When you have clicked Allow or Revoke for a violation item, an Edit Decision option becomes available in the three-line ("hamburger") menu. Note that once you save your decision(s), this Edit Decision option is no longer available in the Open tab.