Policy Violations - Error while detecting policy violation

IdentityIQ (IIQ) IIQ Discussion and Questions
,
1

HI Everyone,

I’m encountering an issue in SailPoint IIQ 8.4 related to Advanced Analytics and Advanced Policy Violation during Refresh.

Context:
I’ve configured policy rules that are triggered during Identity Refresh (policy evaluation). The identity refresh job completes successfully without any visible errors in the logs.

However, when I navigate to Advanced Analytics (under “Syslog”), I see the following error message:
“Selected filter has produced more than one result”

And when I click the error for more detail, it just says: “No stacktrace available”

Additional Info:
I’m not applying any custom filters directly in Advanced Analytics.
The issue seems to appear only after policy violations are created.
This may be impacting the visibility or loading of data in the Advanced Analytics module.

Questions:

  1. What does this error typically mean in IIQ?
  2. Is it caused by duplicate records in a field that expects a single value (like policy reference or identity name)?
  3. How can I trace the root cause of this, given that no stacktrace is available?
  4. Are there specific configuration checks I should perform on the Analytics definitions or saved filters?
2

Hi @Yashwanti

Welcome to the SailPoint developer community!

The most common culprit is a duplicate policy definition. So could you please check if you have any duplicate policies or Rules

Query for duplicate Policy names:


SELECT name, COUNT(*) FROM spt_object WHERE type = 'Policy'
GROUP BY name HAVETYPE COUNT(*) > 1;

Query for duplicate Rule names (if applicable):

SELECT name, COUNT(*) FROM spt_object WHERE type = 'Rule'
GROUP BY name HAVETYPE COUNT(*) > 1;
3

Hi @pattabhi

I have re-checked the rules and policy names; there are no duplicates in either of them.
is there any other possibility that you can suggest?

Thank you.

4

Policy Violation Table
SELECT * FROM spt_policy_violation;
Examine how violations are structured. Are there any oddities that might cause the analytics engine to trip?

5

Hi @Yashwanti

If it is okay then, could you please try to delete the newly created policies, let’s see will that sort out the issue as you have mentioned that the issue caused by latest violations.

Make sure all the system and mandatory identity refresh tasks have been performed without any issue.

6

Here are other possibilities and deeper troubleshooting steps:

1. Granular Duplicates in spt_policy_violation

Even if policy and rule names are unique, the combination of factors that define a specific violation might be duplicated. The error “Selected filter has produced more than one result” points to a query that expects a unique record but finds multiple identical ones based on its criteria.

Action: Execute a more granular SQL query directly on your IIQ database to identify true duplicates in the spt_policy_violation table. This query should include all columns that define a unique policy violation:

SQLSELECT
    pv.identity_id,
    pv.policy_id,
    pv.constraint_id,
    pv.attribute_id, -- Critical: The specific attribute causing the violation (e.g., roles, entitlements)
    pv.value,        -- Critical: The actual value of the attribute that's violating the policy
    pv.description,  -- The description of the violation
    pv.created,      -- Timestamp of creation (useful for identifying multiple identical violations created at different times)
    pv.active,       -- Whether the violation is currently active
    COUNT(*) AS NumberOfDuplicates
FROM
    spt_policy_violation pv
GROUP BY
    pv.identity_id,
    pv.policy_id,
    pv.constraint_id,
    pv.attribute_id,
    pv.value,
    pv.description,
    pv.created,
    pv.active
HAVING
    COUNT(*) > 1
ORDER BY
    NumberOfDuplicates DESC, pv.identity_id, pv.policy_id;
7

Hi @pattabhi ,

I think this helped, I deleted the old policies and created new ones which worked as excepted and did not give the error!

Thank you so much for your guidance!

1 Like
8

Hi Yashwanti

Thanks for the update, you can mark my comment: Policy Violations - Error while detecting policy violation - #5 by pattabhi as solution, so that it will disappear from unsolved topics category.