19.4 Understanding SoD Case Status

Identity Governance tracks and records all decisions and selections during the life cycle of an SoD case. The following table provides a brief description of the possible status of an SoD case.

SoD Case Status

Description

Not Reviewed

When Identity Governance first detects an SoD violation, it creates an SoD case, which is put into this state. This indicates that nobody has yet determined what to do about the violation. Users may have looked at it, but they have not determined whether to approve it or request that certain permissions be removed in order to resolve it. If the SoD violation requires multiple approvers, and if they have not all completed their approval steps, Identity Governance displays the current approval step and the total number of approval steps (Step Approval x of y).

Approved

A user has reviewed and approved the SoD case. Approval means the user determined that the SoD violation could continue for a certain period of time – the control period. There might be one or more compensating controls that were specified. Compensating controls are basically the conditions under which the approval was granted. It is expected that the compensating controls will be in effect during the approval period.

Approval Expired

A user approved the SoD case at one time, but the control period has expired.

Resolving

A user reviewed the SoD case and determined that one or more permissions should be removed in order to resolve the SoD violation. Change requests will have been initiated to remove one or more permissions. The SoD case will be in the resolving state until Identity Governance detects that the permission(s) have actually been removed. The resolving state can also be overridden if a user later on decides to approve the case instead of resolving it.

On Hold - Policy Inactive

SoD case is on hold because the policy has been deactivated.

On Hold - Policy Invalid

SoD case is on hold because the policy has become invalid. A SoD policy would become invalid if any of the permissions or technical roles it specified were deleted from the catalog.

Closed - Policy Deleted

SoD case has been closed because the SoD policy has been deleted. Thus, there is no longer an SoD policy to violate.

Closed - Policy Conditions Changed

SoD case has been closed because the SoD policy's conditions were changed.

Closed - Permissions or Roles Removed

SoD case has been closed because the violating user or account no longer has one or more of the permissions or technical roles that was causing the violation.

Closed - User Deleted

SoD case has been closed because the violating user is no longer found in the catalog.

Closed - Account Deleted

SoD case has been closed because the violating account is no longer found in the catalog.