How to configure the RSA Identity Governance and Lifecycle system to prevent users from requesting exceptional access
Originally Published: 2017-06-13
Article Number
Applies To
RSA Version/Condition: All
Issue
Tasks
- First define the exceptional access:
- Create an SOD rule that defines the exceptional access:
Rules > Definitions > Create New Rule > Type: Segregation of Duties
- Process the rule.
- Second, define who can and cannot request the exceptional access:
- Go to Requests > Configuration -> Submission tab -> Edit Settings.
- Under Violations there are three options:
By default, these options are not checked. This means anyone can request exceptional access and submit the request. To prevent users from requesting exceptional access, the first two options need to be defined.
- The first option Show violations to the specified requestors determines who will see if their requested access creates a violation. Any user meeting this criteria will see a warning if they request exceptional access:
- The second option Requests with violations can be submitted by requestors determines who is allowed to request exceptional access. Any user that does NOT meet this criteria AND that meets the criteria of the first option will be prevented from submitting the request:
Resolution
