Conflicts

Upon running a Rule check, whether initiated by a Campaign or through a manual Rule Check, if the system identifies that an Account possesses two conflicting Duties prohibited by a Rule, a new Conflict is generated.

Conflicts tab (marked with an arrow below) is where all identified Conflicts are stored.

the Conflicts tab is marked with an arrow

In the Conflicts list page, we can see one Conflict, its Status, linked Application, Account, Security Level, and verification Date.

We'll click on the View Conflict button (marked with an arrow below) to open the Conflict's window.

on the Conflict List tab, the View Conflict button is marked with an arrow

In the Conflict window, we can see it's details, and select whether to Deny or Allow it.

the View Conflict window

Allowing a Conflict would require us to specify the resolution and reason, and select a Date ("allow until"), this would add an exception to the Rule for the time being.

When the time selected will come, the Conflict will be brought up again for another review.

This is used in case there is no immediate alternative to a permission Conflict.

the Allow Conflict form

An allowed Conflict is marked as Allowed (circled below), and, marked with an arrow below, is the 'Exception Added' button that allows us to view the reason and 'Allow Till' date for that approved conflict.

an allowed conflict, the 'Exception Added' button is marked with an arrow

By denying a Conflict, we select a Collaborator to fix it.

The Collaborator will receive the Conflict notification, remove one of the user's Duties or Roles, and mark it as Fixed.

the Deny window - sending notification to a Collaborator

To return to the Access Management Guide hub, click here.

To return to the main guide hub, click here.

PreviousSOD Rule SetsNextAbout

Last updated