The SOD policies don't catch roles, and there's no notification when a policy violation happens

Which IIQ version are you inquiring about?

Version 8.3

Hello Forum Folks!
Hope everyone’s having a fantastic day!

I made a rule that says “API Connect Role conflicts with the Test API Role.” But, even though a user has both roles (requested and approved after the rule), I’m not getting any notification for a policy violation.
Can someone help me figure out what’s wrong with the process?

Hello,

I’d like to have more information. I’ve just simulated your test case and it created a policy violation.
Does your identity refresh with the “Check active policies” detect at least one “Policy violation”? Is your policy activated?

I wonder, if your example is a test case, if it wouldn’t be interesting to “Run Simulation” in the policy?

Let me know.

Certainly, I’ll share more information! Take a look at this image to see the policy configuration.

- I refreshed the “Active Policies,” but it didn’t detect the violation.
- Note that it detects entitlement issues, not role conflicts.
- The policy is active.

I ran a simulation, and it flagged a violation. Now, I have more doubts. Do I always need to simulate SOD rules for the notification to appear?
Does the notification trigger after role approval? Is it possible to receive the notification right when the request is submitted?
