
Restricted Application request access

aishwarydubey
New Contributor III

Hello,

We have a use case where users should only have access to request a certain application and no other, based on a SAV role. For example:

  • Let's say we have a user with a certain SAV role assigned
  • And we have 3 applications A, B, C and AD, Azure etc. while requesting for self.
  • Also let's say users will have a customproperty1 with values A or B or C
  • Now the use case is: if the user has customproperty1 as A, then he should see only an option for A on the UI while requesting for self and nothing else. Similarly, if he has customproperty1 as B, then he should see only B and nothing else, including AD and Azure.

So I wanted to ask if there is a way where this can be achieved in Saviynt based on a SAV role or any other configurations?

 

Thank you!

11 REPLIES

rushikeshvartak
All-Star
  • Use access query under Endpoint

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Hello Rushikesh,

Well, do we have to add filters to every endpoint? Can we do it for only specific SAV roles? So, for example, people from a certain SAV role should have restricted access and others should have full? Is there any configuration at SAV role level?

 

Thank you!

 

  • Endpoint visibility is controlled by the Endpoint - Access query and not by SAV roles

Regards,
Rushikesh Vartak

rahul_p
Regular Contributor III

Hello @aishwarydubey ,

You can use "Access Query" under endpoint configuration; the query can be:

users.CP1=endpoint name

So the restriction will get imposed automatically.

Thanks,
Rahul
Please accept this as solution if it resolves your issue.

Hi Rushi/Rahul,

Currently our requirement states that if a user's CP1 is ABC, that user should only be able to see the endpoint named (ABC) while requesting from ARS and no other application should be visible.

Below is the query which we are using: where users.employeeType in ('XYZ') and users.CP1 like "%ABC%"

This query is allowing the users who satisfy the above condition to have visibility to request the same via ARS, but the other part, where the user shouldn't be able to see the other remaining endpoints via ARS, is not getting completed.

Please let us know: are we supposed to add some access query in all the other remaining endpoints as well, to avoid them being requestable via ARS?

What is the access query added for other endpoints?


Regards,
Rushikesh Vartak

Hi Rushikesh,

For the other endpoints we did not try using any access query.

Should we also go and add some similar access query for the endpoints which we want to hide?

Regards,

Shahista

Yes


Regards,
Rushikesh Vartak

Hi Rushikesh,

I tried to update the other endpoint with the access query users.CP1 NOT LIKE "%ABC%", as it is the deciding factor which decides for these users.

But it also hid the endpoint from all the other users who had CP1 blank, Null or any other value.

Can you please suggest if any other changes are also needed?

Thanks,

Shahista

Share a screenshot

Sample : WHERE CUSTOMPROPERTY1 NOT LIKE '%ABC%'


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
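
Added example, not part of the thread and not Saviynt's own code: the Null case reported above matches SQL three-valued logic, where NULL NOT LIKE '%ABC%' evaluates to NULL rather than true, so a row with an empty-by-NULL CP1 never passes the filter. The sketch runs the thread's predicates over constructed users in SQLite as a stand-in database; the table layout, the user names and the assumption that an access query accepts the IS NULL OR form are mine.

```python
import sqlite3

# Constructed sample users. Column names follow the thread (employeeType, CP1);
# the table is a stand-in, not Saviynt's real schema.
USERS = [
    ("u_abc", "XYZ", "ABC"),    # population that must see only endpoint ABC
    ("u_other", "XYZ", "DEF"),
    ("u_blank", "XYZ", ""),
    ("u_null", "XYZ", None),    # CP1 never populated
]

# Predicates from the thread, plus an assumed null-safe variant.
ONLY_ABC = "users.employeeType IN ('XYZ') AND users.CP1 LIKE '%ABC%'"
NOT_ABC = "users.CP1 NOT LIKE '%ABC%'"
NOT_ABC_NULL_SAFE = "(users.CP1 IS NULL OR users.CP1 NOT LIKE '%ABC%')"


def visible_users(predicate):
    """Return the users for whom the predicate is TRUE (NULL counts as not visible)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (username TEXT, employeeType TEXT, CP1 TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?, ?)", USERS)
    # predicate is one of the fixed constants above, never user input
    rows = con.execute(
        f"SELECT username FROM users WHERE {predicate} ORDER BY username"
    ).fetchall()
    con.close()
    return [r[0] for r in rows]


def audit():
    """Show who would see endpoint ABC and who would see every other endpoint."""
    return {
        "endpoint ABC": visible_users(ONLY_ABC),
        "others, NOT LIKE": visible_users(NOT_ABC),
        "others, null-safe": visible_users(NOT_ABC_NULL_SAFE),
    }


if __name__ == "__main__":
    for name, users in audit().items():
        print(f"{name}: {users}")
```

Running the same three predicates against a handful of real test users before changing every endpoint shows whether the restricted population is excluded everywhere else and whether unpopulated accounts keep their visibility.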

rahul_p
Regular Contributor III

Hello @aishwarydubey ,
We recently implemented this using the endpoint access query only. You may try to copy the employee type to any custom property and then use that CP in the access query to get a match and display.

If it still does not work, then you need to work with Saviynt via a Freshdesk ticket.

Regards,
Rahul