Policy Violation is working in lower environment but not in PROD

We have recently created an EntitlementSOD policy and its pretty straightforward. It has 4 rules and each contains a set of entitlement and a conflicting entitlement. This worked in lower env but when we moved to PROD, the request gets completed and no violation shows up. restarted the servers as well after deployment.

In the access request wf we have set the variables also:

<Variable initializer="interactive" input="true" name="policyScheme">
<Variable initializer="false" name="allowRequestsWithViolations">

@aakashpandita is there anything in Audit? Please check policy is active or not.

Additionally, would you be able to share logs - of LCM workflow? We will be able to track it there on what is the result of the sod validation check and also let’s check if the application name specified in the policy is correct as per PROD.

Thanks,

Pallavi

Hi @aakashpandita ,

may I ask how your deployment is done?
Automatically, via IIQDA?
Can you make sure that the PolicyDefintion is exactly the same you are having in the lower environments?

Please kindly confirm that the Policy is enabled in PROD.

Thanks,
Daniel

did not find anything in logs.
app name is also correct. its referencing correctly.
deployment was done manually from debug. copied the policy as it is from lower env. no changes

Did you check if the entitlement name matches exactly with the names in PROD environment? Try linking the entitlements again.

yes we have restarted the servers. its pointing to correct entitlements

this is resolved.
we were passing “none” value in policyScheme argument in the next step “Initialize”.
updated the arg value and its working now.
Thanks for the help guys!

@aakashpandita good to hear this. So issue was in workflow.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.