Authorizations Insight for Infor rules
To add Authorizations Insight rules to a rule book:
- Select Design > Business Controls > Rule Books on the navigation bar, click the arrow option corresponding to a rule book to display the details page.
- Click New to add a rule. The Rule Details tab on the New Rule page is displayed.
-
Specify this information:
- Rule Name
- The name of the rule.
- Control Number
- The identification number of the rule. Note: This number can be alpha numeric or numeric.
- Control Type
- The type of control based on the rules you want to create.
Possible values:
- Security Controls: Authorizations Insight rules to monitor security models.
- Transaction Monitoring Controls: Process Insight rules to monitor business transactions.
- Insight
- The name of the Insight for which the rule is created. Select Authorizations Insight for Infor.
- Application (Maximum 2)
- The application for which the rule is created. Note: Rules cannot be built on more than two applications.
- Rule Type
- The type of the rules. The Authorizations Insight for Infor has
these types of rules:
- Sensitive rule
- Conflicts rule Note: To create a Conflict rule, you must select the Sensitive or Conflict rule type and click the Convert to Conflicts Rule option on the Conditions tab.
- Limits rule Note: Limit rules are applicable only for rule analysis.
- Object
- The Infor GRC business objects for creating a
condition. The objects displayed are based on the Rule type selected.
Possible values of objects:
- For Sensitive and Conflicts
rule, the objects are:
- Permission
- Role
- For Limit rule, the objects
are:
- Permission
- Role
- User
- For Sensitive and Conflicts
rule, the objects are:
- Status
- The status of the rule.
Possible values:
- Draft
- In Review
- Final
Note: The rules with Final status are considered for an analysis.
- Priority
- The priority assigned to the rule.
- Expiry Date
- The date up to which the rule is valid. Note: When selecting an expiry date, select a date in the future. The rule book expires on the specified date and is not available for analysis after this date.
- Specify additional information on the risks associated with the rule in the Risk Description tab.
- Specify the reason for the existence of the rule, in the Control Objectives tab.
- Specify the documentation for the rule, if any, in the Documentation tab.
- Add reference documents from IDM (Infor Document Management) or from a third party for additional information, on the Supporting Documentation tab. Select the details and click Add. The selected documents are displayed at the bottom of the New Rule page. Click the document to review the details.
-
Specify this information in the Owners
tab:
- Owners
- The user assigned the role of an Owner for the rule.
The Owners can:
- Modify the conditions in a
rule.
Rules have pre-defined conditions that are used for analyzing data.
Note: When a condition is modified in the Condition Library, the associated Rule Books are also updated. - Add other owners to the rule conditions.
- Modify the conditions in a
rule.
- Users
- The user assigned the role of a User for the rule.
The Users can:
- Review the existing rule conditions and consider the conditions when creating rules.
- Implement an existing rule condition to create a new rule condition with a different name.
-
Click the Compensating Controls and Exclusions section for:
- Assigning an existing compensating
control to the rule, using the Assign option. The assignment expiry date of the selected
compensating control is also displayed. Click the expiry date link to select a
different expiry date from the calendar or retain as Never Expires. Note: You can also create a new compensating control, using the New option. See, Working with compensating controls.
- Removing a compensating control already assigned to the rule, using the Remove option.
- Excluding objects from the rule. See, Excluding objects from a rule.
- Assigning an existing compensating
control to the rule, using the Assign option. The assignment expiry date of the selected
compensating control is also displayed. Click the expiry date link to select a
different expiry date from the calendar or retain as Never Expires.
-
Click the Conditions
tab. The conditions for the rule are based on the type of the rule you create:
- For the Sensitive or Conflict rule, you must select a condition from the Condition Library.
- For the Limit rule:
- Select an object name. The object names displayed in this field are based on the business object selected for creating the rule.
- Select an operator for the rule condition.
- Specify the
number of users, in the Count of
users field, who must be provided access to the selected
object name. Note: The Count of users field is displayed when the object selected for creating the rule is Permission or Role. However, if the object selected for creating the rule is User, the Count of roles field is displayed.
- Click Save.