【IAG】The PC Browsing Page Was Rejected By IAM But Did Not Generate A Log
Issue Description
The PC browsing page was rejected by IAM but did not generate reject logs
Handling Process
-
Trying to create Access Policy disables all applications and still does not generate logs.
-
Check Access Policy and find that Services Policy is configured and all services are denied.
-
Disable Services Policy, then browse the pages that are forbidden, and rejection logs has been generated on IAM.
Root Cause
The behavior rejected by the Services Policy does not generate a log, and the priority of the Services is higher than the Application Policy, so the first thing that works is the Services Policy, so no logs are generated.
Solution
Disable Services Policy and use Application Policy.