Policy violation is not happening

Hi All,

If the ‘vflag’ is true, a ‘violation’ object should be created and the violation should also happen. However, with ‘vflag’ being true, the ‘violation’ object is not being created as I expected (the request is not being restricted). Can someone please help me identify the issue and provide guidance on how to resolve it?

    import sailpoint.object.PolicyViolation;

    if (vflag) {
        log.error("In LOOP one");
        // Build the violation for the identity and policy being evaluated
        violation = new PolicyViolation();
        violation.setActive(true);
        violation.setIdentity(identity);
        violation.setPolicy(policy);

        // Use the blocking message as both constraint name and description
        constraint.setName(blockingMsg);
        violation.setConstraint(constraint);
        violation.setDescription(blockingMsg);
        violation.setStatus(sailpoint.object.PolicyViolation.Status.Open);
    }

    return violation;

Thanks

Ranjith

Are you returning violation in the end?

Hi @sunnyajmera

Yeah, I'm returning violation

return violation;

It’s not just about the flag being true. You need to understand how Policy violation works.

Policy executes 2 times, with and without considering your Access Request.

You need to build the logic in such a way that you get the flag as true in the second execution only. If it returns true both times, then you don’t get the violation thrown.

Thanks
Krish

How are you calculating this variable, vflag?

Hello Ranjith, you have to create logic that will run twice: the first run is on the current identity state, and the second run is on the future identity state (the identity that represents the state with the addition of the entitlement/s). Only if the result is false in the first run and then true in the second run will the violation be triggered.

One more thing: in my experience, I have seen that even with the correct logic the violation is not triggered. It's because I had updated my logic in the code through debug and didn't save it through the UI. So make sure that you have saved the changes through the UI as well.
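The two-pass behaviour described in the replies above, modelled as a stand-alone Java program (an added example, not part of the original thread and not IdentityIQ code). The identity state is reduced to a set of entitlement names; the entitlement names and the `requestCausesViolation` helper are assumptions made for illustration.

```java
import java.util.HashSet;
import java.util.Set;
import java.util.function.Predicate;

// Model only: no IdentityIQ classes are used. A "rule" is a predicate over
// the set of entitlement names an identity holds.
public class TwoPassPolicyModel {

    // Hypothetical rule: flag when both conflicting entitlements are held.
    // The entitlement names are constructed sample values.
    static final Predicate<Set<String>> STATE_BASED_RULE =
        ents -> ents.contains("AP_Create_Vendor") && ents.contains("AP_Approve_Payment");

    // Hypothetical rule that ignores the identity state, so its flag is
    // true in both passes (the situation the replies warn about).
    static final Predicate<Set<String>> STATE_BLIND_RULE = ents -> true;

    // Per the replies: the request is blocked only when the rule is false
    // on the current state and true on the projected (current + requested) state.
    static boolean requestCausesViolation(Set<String> current,
                                          Set<String> requested,
                                          Predicate<Set<String>> rule) {
        boolean flagOnCurrent = rule.test(current);

        Set<String> projected = new HashSet<>(current);
        projected.addAll(requested);
        boolean flagOnProjected = rule.test(projected);

        return !flagOnCurrent && flagOnProjected;
    }

    public static void main(String[] args) {
        Set<String> current = Set.of("AP_Create_Vendor");
        Set<String> requested = Set.of("AP_Approve_Payment");

        // The request introduces the conflict: false on current, true on projected.
        System.out.println("state-based rule blocks request: "
            + requestCausesViolation(current, requested, STATE_BASED_RULE));

        // The flag is true in both passes, so the request is not treated as the cause.
        System.out.println("state-blind rule blocks request: "
            + requestCausesViolation(current, requested, STATE_BLIND_RULE));

        // The conflict already exists before the request: true in both passes.
        Set<String> alreadyConflicting = Set.of("AP_Create_Vendor", "AP_Approve_Payment");
        System.out.println("pre-existing conflict blocks request: "
            + requestCausesViolation(alreadyConflicting, requested, STATE_BASED_RULE));
    }
}
```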
