8.4
Hello,
When dealing with Policy Violations we are able to to allow violations for a certain amount of time.
When we allow users to pick how long to “Allow” the Policy Violation, is there any way to limit on how much into the future to set the date?
For example, only allowing a max of six months? So that users can pick any date between now and 6 months from now?
Thanks,
TM
What kind of policy are you using here?
Hi @tmamouros ,
Navigate to Gear→ Compliance Manager → Decisions → Default Duration For Exceptions set the duration allowed for exception of policy violation and in certifications. And also make sure the Enable Allow Exception Popup is checked.
@Chathuryas When I try to allow a policy violation, “Allow Until” is grayed out. The date is being populated based on the value provided for " “Default Duration For Exceptions”. Do you know how can I make “allow until” field editable?
Hi @r_pragati , Is Enable Allow Exception Popup is checked?
I have both Advanced Policies and Entitlement SOD Policies
Hi @Chathuryas . This does set the date, but doesn’t force it to be within the time frame. For example i can set “Default Duration For Exceptions” to 6 months, and still, on the Allow Window, can set the “Allow Until” for 10 years from now if i want.
@tmamouros AFAIK there is no system or compliance settings available to set the date limitation on allow until field. You might want to review the Form used in the workitem and try to add the validation script on field. That should block the users from selecting any longer dates.
Thanks for the suggestion @neel193. How would I go about modifying the form used in “Allow” step? Where do i find the form?
I haven’t done anything like this yet.
Enable Allow Exception Popup was unchecked. I did and it works fine now. Thank you!
@tmamouros This requires a plugin framework knowledge.. Please refer to Product Documentaiton: https://community.sailpoint.com/t5/Plugin-Framework/Plugin-Development/ta-p/145288 They have provided a sample plugin for understandng as well.
You need to review the policy violation xhtml page: http://localhost:8080/identityiq85p1/policyViolation/policyViolation.jsf#/policyViolations?showAll=true and figure out which part you need to edit to add your validation script. And then you inject your script using plugins.
Ok thank you very much. I will take a look
