Documentation forAccess Rights Manager

Determine permissions deviating from the department profile (compliance check) (web client)

Background / Value

ARM sets new standards in the field of user provisioning: With the introduction of department profiles, department heads, together with the management and the compliance officer, define the scope of action of employees in the company.


If the employee receives additional permissions that deviate from the standard, a compliance monitor displays the deviating rights to a manager. In the form of bulk operations, the manager can harmonize the user accounts according to the profiles in his department.


To be able to use the compliance functions, you must have created at least one department profile.


Related features

Create a new department profile (Administrator)

Assign a department profile to users


Step-by-step process

  1. Select "Analysis".
  2. Click "Compliance".
  3. Click on "User Accounts and Department Profiles".


A052-02 EN Compliance Check

  1. Determine which domains are included in your analysis.
  2. Choose a departmental profile or all ("without restriction").
  3. Optional: Activate this option if you also want to list users with no assigned department profile.
  4. Start the scenario.


  1. ARM shows you which user accounts are compliant.
  2. User accounts are compliant when exceptions have been accepted by a controller.
  3. User accounts are non-compliant if there are "unaccepted deviations".