Interpreting Violation Reports

The policy violation reports available with the Separation of Duty service are configured to provide you with any information you might need to correct or manage violations.

The first several columns of the report are information about the policy itself. These are present in all reports, including violation reports for a single policy. This means that in some cases, the first several columns of an SoD report are identical across multiple rows.

After these columns, the report provides information about the identity in violation.

The table below provides a list of columns found in violation reports and a description of the information found in them.

| Column Name | Description |
| --- | --- |
| SOD Business Name | The name of the policy. |
| SOD Description | The description of the policy. |
| SOD Policy Owner Display Name | The name of the identity listed as this policy’s owner. |
| SOD Policy Owner IDN Unique ID | The technical ID of the identity listed as this policy’s owner. |
| SOD Policy Owner Email | The work email address of the policy owner. |
| SOD Tags | Tags associated with the policy. |
| SOD External Reference | The external reference to additional policy information, if provided during the policy’s creation. |
| SOD Policy Implementation | How the policy was implemented. If this is a general policy, this is the query used to create the policy. If this is an SoD policy, this column displays a search query that is automatically constructed based on the two lists of entitlements. |
| SOD Mitigating Controls | Instructions for what to do if a policy violation is unavoidable. |
| SOD Correction Advice | Additional information on how to correct violations of this policy. |
| SOD Policy Created Date | The date this policy was added to Identity Security Cloud. |
| SOD Policy Creator IDN Unique ID | The technical ID of the identity that added this policy to Identity Security Cloud. |
| SOD Policy Creator Display Name | The display name of the identity that added this policy to Identity Security Cloud. |
| SOD Policy Creator Email | The work email address of the identity that added this policy to Identity Security Cloud. |
| SOD Policy Modified Date | The date this policy was last modified. |
| SOD Policy Modifier IDN Unique ID | The technical ID of the most recent identity to modify this policy. |
| SOD Policy Modifier Display Name | The display name of the most recent identity to modify this policy. |
| SOD Policy Modifier Email | The work email address of the most recent identity to modify this policy. |
| Latest Violation Date Time | The most recent date any new violation was detected for this policy. |
| SOD Violation Owner Type | Whether the violation owner for this policy is an individual identity or a governance group. |
| SOD Violation Owner ID | The technical ID of the identity or governance group listed as this policy’s violation owner. |
| SOD Violation Owner Name | The name of the identity or governance group listed as the violation owner for this policy. |
| SOD Violation Owner Display Name | The display name of the identity or governance group listed as the violation owner for this policy. |
| SOD Violation Owner Work Email | If the violation owner of this policy is an identity, the work email address of that identity. |
| SOD Violation Owner Alternate Email | If the violation owner of this policy is an identity, the alternate email address of that identity if applicable. |
| Identity ID | The technical ID of the identity in violation of this policy. |
| Identity Name | The name of the identity in violation of this policy. |
| IdentityNow UserName | The user name of the identity in violation of the specified policy. |
| First Name | The first name of the identity in violation of the specified policy. |
| Last Name | The last name of the identity in violation of the specified policy. |
| Display Name | The display name of the violator. |
| Manager ID | The technical ID of the violator’s manager. |
| Manager Name | The name of the violator’s manager. |
| Manager Display Name | The display name of the violator’s manager. |
| Is Manager | If the violator is a manager, true, if not, false. |
| Work E-mail | The work email address of the violator. |
| Personal E-mail | The alternate email address of the violator. |
| Work Phone | The work phone number of the violator. |
| Personal Phone | The alternate phone number of the violator. |
| Created | The date the identity was created. |
| Modified | The date the identity was last modified. |
| Synced | The date the identity was last synced. |
| Extended Attributes | A list of the custom attributes the violator's identity profile has, as well as the violator's values for those attributes. |
| IdentityNow Status | The identity’s status on the Identities page. |
| Lifecycle State | If applicable, the lifecycle state assigned to the identity. |
| Source Accounts | A list of the sources the violator has an account on, and their user name on each source. |
| Source Account Count | The total number of source accounts the identity has on all sources. |
| Access | A list of the names of all access items the violator has. |
| Access ID | A list of the technical IDs of all access items the identity has. |
| Access Count | The total number of all access items the identity has. |
| Role Count | The count of all roles assigned to the violator. |
| Access Profile Count | The count of all access profiles assigned to the violator. |
| Entitlement Count | The count of all entitlements assigned to the violator. |
| Employee Number | If applicable, the employee number of the identity. |
| Inactive | A boolean describing whether or not the identity is inactive. |
| Protected | Whether or not the identity can be removed from Identity Security Cloud if it doesn't have any accounts. |
| Source ID | The technical ID of the authoritative source. |
| Source Name | The name of the violator’s authoritative source. |
| Identity Profile Name | The name of the violator’s identity profile. |
| Identity Profile Id | The technical ID of the violator’s identity profile. |
| Processing State | This field is blank unless the identity experienced an error during aggregation, in which case this field will be ERROR. |
| Violation First Identified Date | The date this violation was identified. |
| Violation Last Seen Date | The date this violation was last detected. |
| SOD Policy Type | The type of policy. This is either “Separation of Duties” or “General.” |
| Left Conflicting List Name | If this policy is a separation of duties policy, the name of the first of the two conflicting access lists. |
| Left Conflicting Policy Access (entId:entName) | A list of all entitlements in the first conflicting access list. The first part of each item is the technical ID of the entitlement, and the second part is the entitlement’s name. |
| Left Violated Access (entId:entName) | The access the violator has from the first conflicting access list. |
| Right Conflicting List Name | If this policy is a separation of duties policy, the name of the second conflicting access list. |
| Right Conflicting Policy Access (entId:entName) | A list of all entitlements in the second conflicting access list. The first part of each item is the technical ID of the entitlement, and the second part is the entitlement’s name. |
| Right Violated Access (entId:entName) | The access the violator has from the second conflicting access list. |
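
Because the policy columns repeat on every row, a report is easier to triage once rows are grouped by policy and the `entId:entName` cells are split into pairs. The following is an added example, not SailPoint code: it assumes the report is exported as CSV and that items inside an access cell are separated by `;` (the page does not state the separator), and all sample values are constructed.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export. Column names come from the table above; the CSV
# layout, the ";" item separator and every value are assumptions for illustration.
SAMPLE_REPORT = """\
SOD Business Name,SOD Policy Type,SOD Violation Owner Display Name,Identity ID,Display Name,Inactive,Left Violated Access (entId:entName),Right Violated Access (entId:entName)
AP vs Vendor Mgmt,Separation of Duties,Finance GRC,id-001,Ana Ruiz,false,e-10:Create Vendor,e-20:Approve Payment;e-21:Release Payment: Wire
AP vs Vendor Mgmt,Separation of Duties,Finance GRC,id-002,Ben Cho,true,e-10:Create Vendor;e-11:Edit Vendor,e-20:Approve Payment
"""

def parse_access(cell, sep=";"):
    """Split an '(entId:entName)' cell into (id, name) pairs."""
    pairs = []
    for item in filter(None, (part.strip() for part in cell.split(sep))):
        # Split on the first ':' only, so names that contain ':' survive.
        ent_id, _, ent_name = item.partition(":")
        pairs.append((ent_id.strip(), ent_name.strip()))
    return pairs

def summarize(report_text):
    """Group rows by policy; keep the repeated policy columns once."""
    policies = defaultdict(lambda: {"owner": None, "violators": []})
    for row in csv.DictReader(io.StringIO(report_text)):
        policy = policies[row["SOD Business Name"]]
        policy["owner"] = row["SOD Violation Owner Display Name"]
        policy["violators"].append({
            "identity_id": row["Identity ID"],
            "display_name": row["Display Name"],
            "inactive": row["Inactive"].strip().lower() == "true",
            "left": parse_access(row["Left Violated Access (entId:entName)"]),
            "right": parse_access(row["Right Violated Access (entId:entName)"]),
        })
    return dict(policies)

def inactive_violators(summary):
    """Inactive identities that still hold conflicting access on both sides."""
    return [(name, v["identity_id"])
            for name, p in summary.items()
            for v in p["violators"]
            if v["inactive"] and v["left"] and v["right"]]

if __name__ == "__main__":
    result = summarize(SAMPLE_REPORT)
    for name, identity_id in inactive_violators(result):
        print(f"{name}: inactive identity {identity_id} still holds conflicting access")
```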

Note

Identity Security Cloud is SailPoint’s next-generation identity security solution. It encompasses and builds on features and functions from IdentityNow. The product documentation covers both Identity Security Cloud and IdentityNow features.