More Details for SOD Policies around what has been violated

Which IIQ version are you inquiring about?

8.2.5

I was wondering if there is a way to give more detail to the user around what exact Role has caused a violation within an SOD Policy. The issue we are seeing is that we have some policies which contain many Roles. We would like to be able to provide the user with more details on exactly which Role is the issue instead of the Policy name.

@Bradlabs12

Please use an Advanced policy here, where you know exactly what the violation is; you can set the description accordingly. This will help the user understand the details more clearly.

Advanced Policy Violation Rule - IdentityIQ (IIQ) / IIQ Community Knowledge Base - SailPoint Developer Community

Please check above.

Please feel free to mark the solution if it resolved the issue; it will help others as well.

Hi @Bradlabs12,

You can share the details of the violating bundle with the user using the Violation formatting rule. This will allow you to identify the violating left and right bundles and provide a description. Please refer to the rule below.

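// "violation" is the PolicyViolation object passed into the rule.
// Fetch the conflicting roles on each side of the SOD constraint.
String leftBundles = violation.getLeftBundles();
String rightBundles = violation.getRightBundles();
// Build the text shown to the end user and store it on the violation.
String description = "User can't have both Roles" + leftBundles + "," + rightBundles + " as it violates. please remove the violating role from the request";
violation.setDescription(description);
return violation;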
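A variant of the rule in the post above, added here as an example and not part of the original thread or SailPoint's own code: it handles a missing left or right side and shows role display names instead of internal names. It assumes the rule receives `violation` and `context` as inputs and that `getLeftBundles()`/`getRightBundles()` return comma-separated role names; `displayNames` is a hypothetical helper.

```java
// Violation formatting rule body (BeanShell).
// Assumed rule inputs: violation (sailpoint.object.PolicyViolation)
// and context (sailpoint.api.SailPointContext).
import java.util.ArrayList;
import java.util.List;
import sailpoint.object.Bundle;
import sailpoint.tools.Util;

// Hypothetical helper: convert the CSV of role names stored on the
// violation into display names, falling back to the raw name when the
// role cannot be loaded.
List displayNames(String csv) {
    List out = new ArrayList();
    List names = Util.csvToList(csv);
    if (names == null) {
        return out;
    }
    for (Object o : names) {
        String name = (String) o;
        Bundle role = context.getObjectByName(Bundle.class, name);
        out.add(role != null ? role.getDisplayableName() : name);
    }
    return out;
}

List left = displayNames(violation.getLeftBundles());
List right = displayNames(violation.getRightBundles());

// Only rewrite the description when both sides of the conflict are
// known; otherwise keep whatever description the policy already set.
if (!left.isEmpty() && !right.isEmpty()) {
    violation.setDescription(
        "Conflicting roles: [" + Util.listToCsv(left)
        + "] cannot be held together with [" + Util.listToCsv(right)
        + "]. Remove one side of the conflict from the request.");
}
return violation;
```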

Where are the contents of this line displayed to the User?

Hi @Bradlabs12,

In the Violation formatting rule, we are fetching conflicting roles (leftBundles, rightBundles). The role details are specified in the description, which is set to violation. This violation description is displayed to the end user when the violation occurs.

"User can't have both Roles" +leftBundles +","+rightBundles +" as it violates. please remove the violating role from the request";

Thanks, that worked … I was able to update the “Violation Summary” within the Violation Detail area, but do you know if there is a way to add this information to the Policy violation popup that comes up …

Hi @Bradlabs12,

It is not possible to add the violation summary directly to the policy page or popup. However, you can click on the popup to view the violation summary.

Arun … is there a way to control the amount of policy violations that show up in the detail to just one? In the screenshot … a single requested role is in Violation with multiple other SOD Policy Rules within a single SOD Policy. I think this is confusing to a user.

You can limit the list of policies to be executed through variable ‘policiesToCheck’. However, it would impact globally for all requests. The better approach is to modify your existing policies.