Excluding objects from a rule

Certain objects can be excluded from a rule so that violations are not generated when an analysis is performed using the rule.

The objects that can be excluded vary based on the rule format selected and the object for which the rule is created.

Rule type Object for which rule is created Exclusion by
Sensitive or Conflicts rule Role
  • Users
  • User attributes
Permission
  • Roles
  • Users
  • User attributes
Limit rule Permission
  • Users
  • User attribute
Role
  • Users
  • User attributes
User
  • Users
  • User attributes

To exclude an object from a rule:

  1. Select Design > Business Controls > Rule Books on the navigation bar, click the arrow option corresponding to a rule book to display the details page.
  2. Click New to add a rule. The New Rule page is displayed.
  3. Click the Compensating Controls and Exclusions section.
  4. Click New to exclude objects. The Exclusions screen is displayed.
  5. Select the objects to be excluded in the Exclusion by field.
    Option Action
    Roles
    1. Click the Lookup option in the Roles field to select the roles to be excluded and clickApply.
    2. Click Add. The selected roles are displayed at the bottom of the Exclusion tab. The expiry date of the selected object is also displayed. Click the expiry date link to select a different expiry date from the calendar or retain as Never Expires.
    Users
    1. Click Lookup option in the Users field to select the users to be excluded and click Apply.
    2. Click Add. The selected users are displayed at the bottom of the Exclusion tab. The expiry date of the selected object is also displayed. Click the expiry date link to select a different expiry date from the calendar or retain as Never Expires.
    User attributes
    1. Select a user attribute.
    2. Select an operator.
    3. Specify the attribute value. Alternatively, click Browse to select an attribute value and click OK.
    4. Click Add. The selected objects are displayed at the bottom of the Exclusion tab. The expiry date of the selected object is also displayed. Click the expiry date link to select a different expiry date from the calendar or retain as Never Expires.