Actions for Preventative Identity Policy Violations

When a preventative identity policy applies to a business change, CA IdentityMinder performs certain actions to address the violation.

When you specify one of these actions in an identity policy, you specify a message that describes the violation. This message is recorded in the audit database. Depending on the type of action, the message may also be displayed to users in the User Console and recorded in View Submitted Tasks.

You can configure the following actions for a preventative identity policy:


CA IdentityMinder displays a message in View Submitted Tasks that describes the violation, but allows the task to be submitted.


CA IdentityMinder displays a message in the User Console and prevents the task from being submitted.


CA IdentityMinder displays a message in the User Console and in View Submitted Tasks. This action can optionally trigger a workflow process that requires an approval from an appropriate user before CA IdentityMinder executes the task.

To trigger a workflow process, you associate the preventative identity policy with a policy-based workflow process in tasks that may cause the violation.

For example, if the violation occurs when a user receives certain roles at the same time, configure the workflow process for all tasks that assign those roles to users.

Note: When you configure the policy-based workflow process for the task, the approval rule must reference the name of the preventative identity policy.