Previous Topic: Example: Enforcing Segregation of Duties

Next Topic: Actions for Preventative Identity Policy Violations


Preventative Identity Policies

A preventative identity policy is a type of identity policy that prevents users from receiving privileges that may result in a conflict of interest or fraud. These policies support a company's Segregation of Duties (SOD) requirements.

Preventative identity policies, which execute before a task is submitted, allow an administrator to check for policy violations before assigning privileges or changing profile attributes. If a violation exists, the administrator can clear the violation before submitting the task.

For example, a company can create a preventative identity policy that prohibits users who have the User Manager role from also having the User Approver role. If an administrator uses the Modify User task to give a User Manager the User Approver role, CA IdentityMinder displays a message about the violation. The administrator can change the role assignments to clear the violation before submitting the task.

You can create preventative identity policies for the following changes:

More information:

Actions for Preventative Identity Policy Violations