Remediation
Planned feature
This feature is planned feature.
This feature is roughly designed and it was evaluated as feasible.
However, there is currently no specific plan when it will be implemented, because there is no funding for this development yet.
In case that you are interested in supporting development of this feature,
please consider purchasing midPoint Platform subscription.
|
Introduction
Compliance features are absolutely necessary for efficient management of complex policies. However, the policies need to be enforced to be really effective. MidPoint is already a great tool for automated enforcement of policies. If used correctly, automated enforcement can take care of vast majority of cases. Then there are compliance features that can be used to single out the remaining cases. Administrators then can take care of those cases manually. This approach is good enough for many organizations. However, this can be still quite a complicated matter. Especially if complex policies are in place, if there are more exceptions than the rules or if cooperation of several persons is needed to resolve a situation. For such cases there are features that assist in remediation of policy violations.
Planned Features
TODO
-
Case management: dialog (comments), reassigning the case, etc.
-
"prefabricated" remediation processes: entitle new manager, resolve conflicting managers, etc.
-
case-based and campaign-based remediation
-
Definiton: remediator (relation?), action
TODO
Step 1: TODO
Step 2: TODO
Notes
Remediations and Approvals
Remediation cases are different than approvals. Approvals take place before the operation is completed. Approvals can stop the action from happening. This is great, but it may lead to delays - and that can be critical in emergency situations. And there are situations where we simply cannot stop the action. For example if a manager is fired immediately because of gross misconduct we cannot stop deprovisioning because there is organizational unit that will suddenly have zero managers. And approvals cannot be used for events that have already happened and midPoint just discovered them, such as discovery of an orphaned account. On the other hand, remediation cases takes place post-fact. Remediation cases do not stop operation from happening and they can be used also for events that already took place. The meaning of remediation case is to correct a situation that is wrong.