Documentation forAccess Rights Manager

Determine permissions deviating from the department profile (compliance check) (web client)

Background / Value

ARM sets new standards in the field of user provisioning: With the introduction of department profiles, department heads, together with the management and the compliance officer, define the scope of action of employees in the company.


If the employee receives additional permissions that deviate from the standard, a compliance monitor displays the deviating rights to a manager. In the form of bulk operations, the manager can harmonize the user accounts according to the profiles in his department.


To be able to use the compliance functions, you must have created at least one department profile.


Related features

Create a new department profile (Administrator)

Assign a department profile to users


Step-by-step process

  1. Select Analyze.
  2. Click New analyze session.
  3. Click Compliance.
  4. Click User Accounts and Department Profiles.


A052-02 EN Compliance Check

  1. Determine which domains should be included in your analysis.
  2. Choose a departmental profile or all (Without restriction).
  3. Optional: Activate this option if you also want to list users with no assigned department profile.
  4. Start the scenario.


  1. ARM shows you which user accounts are compliant.
  2. User accounts are compliant if all attributes and group memberships defined in the profile match or if deviations have been accepted by a responsible person.
  3. User accounts are non-compliant if there are "unaccepted deviations".