Compliance status
RoPE calculates a compliance status for all calculated assignments. The compliance status indicates if an assignment is under control, meaning that it has been either explicitly or implicitly approved. The compliance status is visible in all places where RoPE calculated assignments are shown, including the Omada Identity Data Warehouse reports.
The table below gives an overview of the compliance status values:
Status | Description |
---|---|
Explicitly Approved | CRA is the outcome of a direct assignment, it has been approved in a verdict survey, or it inherits the status from the assignment for the role in which it is contained. |
Implicitly Approved | CRA is the outcome of an assignment policy or it is a child of an assigned enterprise role. |
Not Approved | CRA only exists in the target system. There is no desired state for it. |
Orphan Assignment | CRA belongs to the unresolved identity or the Data Warehouse is uncertain of its ownership. |
Pending Deprovisioning | CRA is awaiting deprovisioning. |
In Violation | CRA violates a constraint which, however, has not caused it to be disabled because a pending evaluation procedure exists for the violation. |
Implicitly Assigned | An implicitly assigned enterprise or application role, which is not in violation of the defined policies. Implicit assignments are created for enterprise and application roles if RoPE detects that an identity is assigned to all the contents of the role – but not the role itself. This is to allow SoD constraints to be defined on the enterprise or application role level, as well as to enable easier reviews. |
None | Cannot express a meaningful compliance status for the assignment. For example, a CRA that is disabled, and has no actual state reasons, has the status None because it is irrelevant from the compliance perspective. |
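
The "Implicitly Assigned" row describes a detection rule: an identity holds every resource a role contains but not the role itself. The following sketch is an added example, not Omada or RoPE code. It shows that rule and why it lets an SoD constraint defined on the role level catch access that was granted resource by resource. All role names, resource names and the constraint are hypothetical.

```python
# Constructed example: role names, resource names and the SoD rule are hypothetical.
ROLE_CONTENTS = {
    "AP Clerk": {"erp:invoice.create", "erp:vendor.read"},
    "AP Approver": {"erp:invoice.approve", "erp:vendor.read"},
    "Auditor": {"erp:ledger.read", "erp:report.export"},
}

# SoD constraints expressed on the role level: no identity may hold both roles.
SOD_CONSTRAINTS = [frozenset({"AP Clerk", "AP Approver"})]


def implicit_roles(resources, assigned_roles):
    """Roles whose entire contents the identity holds without holding the role."""
    return {
        role
        for role, contents in ROLE_CONTENTS.items()
        if contents and contents <= set(resources) and role not in assigned_roles
    }


def evaluate(resources, assigned_roles):
    """Return (implicit roles that get 'Implicitly Assigned', violated constraints)."""
    implicit = implicit_roles(resources, assigned_roles)
    # Implicit roles count toward SoD evaluation alongside explicitly assigned ones.
    effective = set(assigned_roles) | implicit
    violated = [c for c in SOD_CONSTRAINTS if c <= effective]
    conflicted = set().union(*violated)
    # Only implicit roles that violate no constraint receive the status.
    compliant = {role: "Implicitly Assigned" for role in implicit - conflicted}
    return compliant, violated


if __name__ == "__main__":
    # Constructed identities: (resources held, roles explicitly assigned).
    identities = {
        "alice": ({"erp:ledger.read", "erp:report.export"}, set()),
        "bob": ({"erp:invoice.create", "erp:vendor.read", "erp:invoice.approve"},
                {"AP Clerk"}),
    }
    for name, (resources, roles) in identities.items():
        compliant, violated = evaluate(resources, roles)
        print(name, compliant, [sorted(c) for c in violated])
```

In this sample, bob was never assigned "AP Approver", yet the single extra resource granted directly completes that role's contents, so the role-level constraint fires without a separate rule for each resource pair.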