Policy Exemptions

An exemption allows a detected violation to be excluded from enforcement for a defined entity under a specific policy.

Exemptions suppress enforcement while active but do not remove historical violation records.

Navigate to Exemptions

Go to:

Identity Governance & Administration > Policy > Exemptions

The Exemptions page provides a consolidated view of all exemptions across policies. Each entry displays the associated policy, entity, exemption status, creator, and expiry details.

Exemption List View

The list view provides operational visibility into:

  • Exemption ID
  • Policy reference
  • Entity
  • Status
  • Created by
  • Created date
  • Expiry date

Both active and historical exemptions are displayed. Exemptions remain visible for audit and traceability purposes.

The page supports:

  • Search
  • Filtering
  • Column visibility control
  • Column reordering
  • Table density selection
  • Refresh

These controls allow administrators to tailor visibility based on operational needs.

View an Exemption

To view exemption details:

  1. Navigate to Identity Governance & Administration > Policy > Exemptions.
  2. Select the required exemption.

The detail page displays:

  • Policy reference
  • Entity information
  • Current exemption status
  • Reason for exemption
  • Created by
  • Created date
  • Expiry date (if defined)

If the exemption is Active, enforcement for the associated violation remains suppressed.

Exemption Status

Exemptions exist in one of the following states:

Active

The exemption suppresses enforcement for the associated violation.

Expired

The exemption validity period has ended.

Revoked

The exemption was manually removed before its expiry date.

All status transitions are recorded for audit purposes.

Revoke an Exemption

An active exemption can be revoked manually.

Revoking an exemption:

  • Removes enforcement suppression
  • Restores policy enforcement during the next evaluation cycle

Expiry and Violation Reactivation

If an exemption has an expiry date, the system automatically transitions it to Expired once the defined date is reached.

During the next policy run:

  • If the rule condition still evaluates as true, the violation is reactivated.
  • If the condition no longer evaluates as true, no violation is created.

Exemptions suppress enforcement; they do not delete violations or remove historical records.

Relationship to Violations and Policy Runs

Each exemption is linked to:

  • A specific policy
  • A specific entity
  • The associated violation

This linkage enables traceability between:

  • Policy evaluation
  • Violation creation
  • Exemption application
  • Remediation outcome

All exemption actions are recorded in audit history.