11.7 Detecting and Remediating Violations in Published Data

Identity Governance enables you to check your collected and published data using data policies. In addition to looking at statistical information, you can also take remediation action for data policy violations (anomalies) in published data by:

  • Sending an email notification

  • Reviewing items in violation by creating a micro-certification review instance

  • Creating a change request

  • Creating a workflow

    NOTE: Workflow remediation can only be used for publication policies where the entity type is User. Workflow remediation is not an option for publication policies for Account or Permission entity types.

Once a micro certification is complete, a change request is fulfilled, or a workflow is executed, you can select one or more publication data policies and then select Actions > Run Policy Detection to recalculate the number of data policy violations. For more information about micro certification and fulfillment, see Section 25.2, Understanding Micro Certification and Section 14.0, Instructions for Fulfillers.

To change the remediation type for future violations after the initial remediation type selection, administrators can select the link under the Remediation column on the Data Policy page and edit the remediation setup. Note that the last remediation event is listed below the name in the Remediations column.

To remediate data policy violations:

  1. Log in as a Customer, Global, or Data Administrator.

  2. Select Data Administration > Policies and Controls.

  3. Select the Publication Data Policies tab.

  4. Select + to add a remediation action to a violation.

  5. (Optional) Enable Run Remediation on new violations when calculated.

  6. Specify a name for the remediation.

  7. Specify and configure one of the following Remediation/Action types:

    • If you selected Email Notification:

      • Select Email source.

      • Specify a user, group, or role (such as supervisor or permission owners) as the recipient of the email. If a role has no user assigned to it, the email is sent to the Data Administrator. If no user has been assigned as a Data Administrator, the email is sent to the Customer Administrator.

    • If you selected Change Request, select violation types and provide instructions for fulfilling the change requests generated for the selected violation types. Depending on your policy type, also select Modify or Remove.

    • If you selected Micro Certification, configure the following settings:

      • Review Definition: Search and select a review definition from the selection dialog or specify the review definition name. Note that Identity Governance applies filters based on data policy and enables the selection of only relevant review definitions.

      • Review Name: Specify a name for the micro certification.

      • Start Message: Specify the message that will be displayed in the header area of reviews describing why the review was started.

      • Review Period: Leave this blank if you want to use the duration specified in the review definition. Otherwise, specify a duration.

    • If you selected Workflow, search for and specify an existing workflow based on your violation.

      NOTE: If no existing workflow is relevant for the current data policy violation, a Workflow Administrator has the option here to click Create Remediation/Action Workflow and provide the requested information to create a workflow that remediates the data policy violation.

  8. Save and apply the remediation.

  9. Repeat the above steps to add multiple remediations.

  10. Run individual or multiple remediations.

    1. To run all the specified remediations, select Actions > Run Remediation/Action.

    2. To run an individual remediation, hover over a remediation name, then click Run.

  11. (Optional) Hover over a remediation name, then click Edit or Delete as needed. Note that you can also directly run the remediation or delete a remediation from the Remediation settings window.

    NOTE: If the remediation name specifies a workflow, you will see an additional option you can click to run the workflow.

If you selected Create Remediation/Action Workflow in Step 7 above, or if you want to edit an existing workflow, perform the following steps to open the Workflow Builder to create the remediation workflow:

  1. On the Data Policies and Controls page, click the Publication Data Policies tab.

  2. In the Remediations/Actions column, hover over the name of the workflow remediation you created in Step 7 above, and click Edit.

  3. Next to the Workflow field, click Edit.

  4. Use the Workflow Builder to create the remediation workflow for the data policy. For more information about creating workflows, see the Workflow Service Administration Guide.