Determine the user permissions deviating from the department profile
When an employee receives additional permissions that deviate from the standard, a compliance monitor displays the deviating rights to a manager. In the form of bulk operations, the manager can harmonize the user accounts according to the profiles in his department.
Create at least one department profile to use the compliance functions.
-
Log in the ARM Web Client as an ARM administrator.
-
In the toolbar, click Analyze > New analyze session.
-
In the Analysis screen, click Compliance and then click User accounts and department profiles.
-
In the New Analyze Session screen under User Accounts and Department Profiles, create a list of user accounts and assigned profiles you want to evaluate. You can narrow the list to one profile.
-
In the Domain name box, select the domains to include in your analysis.
-
In the Restrict to selected profile box, select a departmental profile or all (Without restriction).
-
(Optional) Select the Include accounts without profile assignment checkbox to list users with no assigned department profile.
-
Click Start calculation for your scenario.
The User Accounts and Department Profiles screen is displayed.
The Compliant column (1) displays all compliant user accounts.
The Accepted deviations column (2) indicates if all attributes and group memberships defined in the profile match or if deviations are accepted by a responsible person.
The Unaccepted deviations column (3) indicates unaccepted deviations in a user account that are non-compliant.
See the following sections for more information:
-