Excluding objects from a rule
Certain objects can be excluded from a rule so that violations are not generated when an analysis is performed using the rule.
The objects that can be excluded vary based on the rule format selected and the object for which the rule is created.
Rule type | Object for which rule is created | Exclusion by |
---|---|---|
Sensitive or Conflicts rule | Role | |
Sensitive or Conflicts rule | Permission | |
Limit rule | Permission | |
Limit rule | Role | |
Limit rule | User | |
To exclude an object from a rule:
- Select on the navigation bar, then click the arrow option corresponding to a rule book to display the details page.
- Click to add a rule. The New Rule page is displayed.
- Click the Compensating Controls and Exclusions section.
- Click to exclude objects. The Exclusions screen is displayed.
- Select the objects to be excluded in the Exclusion by field. The action depends on the option:
  - Roles
    - Click the option in the Roles field to select the roles to be excluded and click .
    - Click . The selected roles are displayed at the bottom of the Exclusion tab. The expiry date of the selected object is also displayed. Click the expiry date link to select a different expiry date from the calendar or retain as Never Expires.
  - Users
    - Click the option in the Users field to select the users to be excluded and click Apply.
    - Click Add. The selected users are displayed at the bottom of the Exclusion tab. The expiry date of the selected object is also displayed. Click the expiry date link to select a different expiry date from the calendar or retain as Never Expires.
  - User attributes
    - Select a user attribute.
    - Select an operator.
    - Specify the attribute value. Alternatively, click Browse to select an attribute value and click OK.
    - Click Add. The selected objects are displayed at the bottom of the Exclusion tab. The expiry date of the selected object is also displayed. Click the expiry date link to select a different expiry date from the calendar or retain as Never Expires.