Policy Simulation
Policy simulation runs a background task that iterates over all identities to determine if a policy violation occurs for the rule or policy. This process can be time-consuming and resource-intensive, depending on the complexity of the policy definition and the number of identities and accounts.
Before you make a policy active in your production environment, you can run a simulation for:
- All enabled rules in a policy – click Run Simulation next to the Cancel button. To view the number of violations, click View Simulation.
- A single rule in a policy with multiple rules – click the Run Simulation link next to the rule. To view the number of violations, click the View Simulation link.
When you run a simulation on a policy, the policy is saved and the test is run for all the enabled rules. The rule or rules are disabled and the status of the policy is changed to Inactive. To activate the policy, you must edit the policy, change the state to Active and save the changes to the policy.
Before testing a rule, make sure that rule names are unique within the policy. When you run a simulation for a single rule, only that rule is disabled; the state of the policy is NOT changed. When you run a simulation for all the enabled rules in a policy, the state of the policy is changed to Inactive. To activate the policy, you must change the state to Active and save the changes to the policy.
For information on working with the rules for each policy type, see Policy Rules.