Disabling Policy Violation Mitigation

  • 7011073
  • 23-Mar-2012
  • 19-Oct-2012

Resolution

The option to allow policy violations can be removed from the Access Governance Suite application interface through a configuration setting on the policy object.  This is done by removing "Mitigated" from the certificationActions list in the policy definition XML, which prevents the "Allow Violation" option from being presented for that policy to any user.  This might be necessary to comply with a company policy of disallowing violations even for a constrained time period.

  1. From the Access Governance Suite Debug pages (accessible through [Access Governance Suite URL path]/debug), select Policy from the object list and click List.

  2. Select an existing policy object that needs to be modified, or select a policy template object to modify the default settings for future policies.

  3. Remove "Mitigated" from the certificationActions list.

    <?xml version='1.0' encoding='UTF-8'?>
    <!DOCTYPE Policy PUBLIC "sailpoint.dtd" "sailpoint.dtd">
    <Policy certificationActions="Remediated,Mitigated,Delegated"
            configPage="sodpolicy.xhtml"
            created="1331239579555"
            executor="sailpoint.policy.SODPolicyExecutor"
            id="40283d0535f40f970135f40fefa300cb"
            modified="1332506302811"
            name="SOD Template"
            state="Inactive"
            template="true"
            type="SOD"
            typeKey="policy_type_sod"
            violationOwnerType="Manager"/>

  4. Repeat for all policies and policy templates for which this option should be disabled.

NOTE: The XML for the policy templates is specified in the init.xml file in the WEB-INF/config/ directory under the Access Governance Suite installation directory. Installations wanting to disable this feature from the start can modify the policy templates' certificationActions lists in this file before initializing the system.
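
The following Python script is an added example, not part of the original document or the product. It audits policy XML for policies that still offer "Mitigated" and removes that action from each certificationActions list, as in step 3 and the NOTE above. The function names, the `<sailpoint>` wrapper element and the second and third sample policies are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample modelled on the policy XML in step 3. The <sailpoint>
# wrapper and the second and third policies are assumptions for illustration.
SAMPLE = """<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE sailpoint PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<sailpoint>
  <Policy certificationActions="Remediated,Mitigated,Delegated" name="SOD Template" template="true" type="SOD"/>
  <Policy certificationActions="Remediated,Delegated" name="Example Locked Policy" type="SOD"/>
  <Policy certificationActions='Mitigated,Remediated' name="Example Quoted Policy" type="SOD"/>
</sailpoint>
"""

# Matches the attribute with either quote style; group 3 is the action list.
ATTR = re.compile(r"""(certificationActions\s*=\s*)(["'])(.*?)\2""")


def split_actions(value):
    """Split a comma-separated certificationActions value into clean names."""
    return [a.strip() for a in value.split(",") if a.strip()]


def policies_allowing_mitigation(xml_text):
    """Return names of Policy elements that still list the Mitigated action."""
    root = ET.fromstring(xml_text)
    return [p.get("name") for p in root.iter("Policy")
            if "Mitigated" in split_actions(p.get("certificationActions", ""))]


def strip_mitigated(xml_text):
    """Remove Mitigated from every certificationActions attribute.

    The edit is textual so the DOCTYPE and all other attributes stay as they
    were; ElementTree would drop the DOCTYPE if it re-serialized the file.
    """
    def fix(match):
        kept = [a for a in split_actions(match.group(3)) if a != "Mitigated"]
        return f"{match.group(1)}{match.group(2)}{','.join(kept)}{match.group(2)}"
    return ATTR.sub(fix, xml_text)


if __name__ == "__main__":
    print("before:", policies_allowing_mitigation(SAMPLE))
    fixed = strip_mitigated(SAMPLE)
    print("after: ", policies_allowing_mitigation(fixed))
    print(fixed)
```

Running the audit function again on the rewritten text confirms that no policy still lists "Mitigated" before the file is used.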