With SailPoint sending report links to policy violation owners, violation owners can’t access the report as standard users.
I’ve temporarily assigned Report Admin, but that feels too broad.
Is there a way to allow users to view only specific policy reports (like terminated users with active AWS accounts) without granting full report admin access?
You cannot grant “report‑only” access to policy violation reports in SailPoint Identity Security Cloud today—violation owners without elevated roles cannot open those links. The supported way is to use policy subscriptions (SoD subscriptions) that email violation details directly or to assign a limited role like Policy Admin rather than the broad Report Admin.
Why Violation Owners Can’t Access Reports
Report links generated by subscriptions require Report Admin or Org Admin privileges.
Standard users (even if they are violation owners) cannot open those links because reports are considered administrative objects.
This is documented behavior — SailPoint treats reports as admin‑level artifacts, not end‑user accessible content.
Alternative methods you can try
Policy Subscriptions
Instead of sending a report link, configure a subscription on the SoD policy.
Subscribers receive violation details directly via email (daily, weekly, or monthly).
This avoids the need for Report Admin rights.
Report Admin role
If you want owners to view violations in the UI, assign ReportAdmin.
This grants access to policy objects but not full reporting privileges.
Scheduled Search API
Use the Scheduled Search API to generate violation reports and send them to specific users.
This bypasses the need for Report Admin while still delivering structured violation data.