Resolved! Default Savrole Configuration
Which property states the default savrole assignement of all users imported to Saviynt?-Siva
Forum Posts
ROLE_TASKADMIN SAVROLE unable to view tasks details
We have created ROLE_TASKADMIN to view the pending and completed tasks. We are able to access all the features of the Tasks except when we click on the action==>View then below Operation not allowed screen appears. Please help us with what we are mis...
Resolved! How to create SAV roles requestable using ARS ? (is it possible for SAV roles)
Is it possible to request SAV roles using ARS ? And if yes how to do it ?
Resolved! Table 'savroles' not accessible in data analyzer
Hello,we have an SQL query which is running fine in analytics and now we try to rephrase this query, which was provided by the Saviynt PPS team during project implementation.If we just copy the query from working report definition to data analyzer, t...
Assign Savrole to user
hello Team,I just that the Users were not added to the ROLE_ENDUSER Sav Role. this is because we did not run any birthrights.We still do not want any birthrights added. What is the fastest way to add the users to the ROLE_ENDUSER Sav Role without r...
Entitlement Owner - Ability to add/remove accounts
Are there self service options available to entitlement owners, where they can see what they own and then request accounts to be added/removed. I've been trying to sort out sav role features if its possible through the Manage Entitlements screen. B...
Error - Testing Saviynt App for SNOW Import FIlter
Hello,I Noticed the following error when testing the user and application import filter in the Saviynt App for ServiceNow. Any idea on what is causing this?UI Error msg:ServiceNow Log error message:<!doctype html><html lang="en"><head><title>HTTP Sta...
Resolved! Sav role permission
Note: Its working, there was a delay in sync. Is there any way we can restrict /allow user to request for self, and users from same department.I tried to write advanced query in Whom to request section. But its not working as expected. Query: select ...
How does Rules evaluation work for REST API created/updated users?
Hello,We will manage Saviynt users via Saviynt REST API. The API Spec mentioned checkrules is to control if the rules will be evaluated immediately (when checkrules is true) or or later (when checkrules is false ) for user creation or update.Another ...
Resolved! Custom Sav role issue
I am trying to create a custom SAV role to view all Tasks and users tabs only.However, I can not see any tasks in a pending or completed state.to debug I give all permissions to that custom SAV role. But the issue is still there.I tried user GRP as w...
Resolved! Attestation dashboard permissions - SAV role
Hi, I've created an Attestation Admin SAV role, which can fully manage attestation campaigns. This role has an attestation dashboard which grants access to a bunch of data. Most of the tiles are click-through to analytics. These analytics have all be...
Resolved! feature for Recent Request details in NEO
Which feature needs to be added for below option on Home page in v24.1 ?
how do we limit a certain person to manage entitlements for a certain endpoint
We created a logical ad application and the entitlements were populated in the child endpoint. How do we allow a person or usergroup to manage the entitlements in the child endpoint. He should not be able to see other entitlements for other endpoints...
Resolved! AAD Group creation Tab not found inside Manage Groups in request home page
Hi Forum,I am referring to the below link for AAD Group Creation, it mentioned I can create group via Saviynt on below path: Navigate to > Home and select > Manage Groups > Create AAD Group.https://docs.saviyntcloud.com/bundle/EIC-User-v24x/page/Con...
ROLE_TASKADMIN not working properly
Hi Team,We are facing issue with ROLE_TASKADMIN where users are able to view the task list but they are not able to see dropdown to view, discontinue, complete tasks.Below is the screenshot what exactly the issue is.I am hereby attaching the feature ...
Resolved! Delegation - End Users cannot edit / extend an existing delegation
Hi,Having assigned the below features to a Manager SAV Role, users can create a delegation accordingly.However, I would like them to be able to edit any upcoming or active delegation, as per need.Let's say that :A delegation is active and ends on 1st...
Tech rule not working
Hi,I have created a technical rule for customisation, I have followed the correct steps to create it. However it is not working after user update meeting the tech rule condition.Thank you,
Custom SAV Role for Analytics Access - remove 'Delete' and 'Schedule' permission
Hi,We have a requirement to create a SAV Role in Saviynt v23.8, so that its members can access the Analytics module to strictly perform only the following tasks:-1) View & Download V2 Analytics Reports History.2) Run only the Custom Analytics Reports...
Resolved! If not assigned the SAV role_admin you cannot add a user to role, but you can add a role to a user
Hi, If not assigned the SAV role_admin you cannot add a user to role, but you can add a role to a user.E.g if assigned ROLE_ADMIN_COPY which is a duplicate of role_admin when trying to add a user to a role no users are displayed to add. If you then ...
Organization List is empty for User with Custom Sav Role
Hi,I have configured a custom Sav Role for user to have capability of 'Create New Organization' and 'Update Existing Organization'. Below are the list of features assigned to this sav role:HomeCreate_User_RequestGet_DB_Data_Runtime_AnalyticsUpdate_Us...
Unable to view all Service Accounts while Reset Password for Service Accounts in custom SAVRole
We have a usecase where a custom SAV role should be capable of resetting all service accounts password.I have tried using OOTB feature but it does not show all service accounts while clicking on change password for service accounts but only the ones ...
SAV role functionality for monitoring
Hi Team,We want a new SAV role for monitoring purposes. We have a SAV role that is a copy of ROLE_ADMIN, and it is read-only access; however, with this role, we are not able to view the connection tab, application logs, or some other modules as well....
Endpoint AccessQuery working in earlier version is not working in the current version V23.11
Endpoint AccessQuery which was working in earlier version is not working in the current version V23.11Usecase: Users having 'ROLE_MT_SERVICE_DESK' SAV Role should not be able to request for the endpoint.AccessQuery: WHERE users.userkey not in(select ...
Sav role importing under Endpoint
Hi All,We have a requirement to request Admin sav role within Saviynt using ARS . Our saviynt version is V23.4. I have used a rest connector for provisioning and deprovisioning of sav roles via endpoint. It is working as expected. But when I try to r...
Resolved! Manage Delegates Access Denied Error
Hello Everyone,We are facing an issue where any user with an end user SavRole tries to access the "Manage Delegate" page an Access Denied error is thrown. They are able to navigate to the Create Delegates page via the the side panel on left with end ...
Custom SAV_ROLE to access control center dashboard
Hello, We have a requirement to create a dashboard in the control center to aid in the reporting of KPIs. We would like to create a custom SAV role that we can assign to users so that when they log in to Saviynt they can only access the specific dash...
Resolved! Read Only Sav Role for Identity Repository
We need a Read Only role to view/lookup data in the Identity Repository.We have been unable to get access to Individual Accounts or the Account List. To troubleshoot, we started with the ROLE_ADMIN default role and created a read only copy, but this ...
SAV Role Change Password restriction on a Endpoint
Usecase:We have End User SAV Role and Service Desk Sav Role . The End users should be able to change their password through Saviynt for Active Directory Endpoint. And End user is the basic role which all the users will be having by default.On the oth...
Read Only SAV Role is restricting from managing(run, edit) Analytics
We have a requirement to provide read only access to few features of Admin module(viewing accounts, access, etc) and simultaneously they should also be having access to manage the analytics. I have attached the features that we have added in both the...
Advanced Query in SAVRole is not working
Hi,We have created a custom SAVRole and have done the following configuration in it - The query in HQL which we have used is this : select a from Users a where a.id in (select us.userkey from User_accounts us, Accounts cc where us.accountkey=cc.id a...
Resolved! "Remove User from Role" Button not working, when ROLE_UIADMIN is assigned
Hi everyone, I assigned my user the ROLE_UIADMIN role. Since then I'm not able to unassign roles with that user anymore in the UI. When I click "Remove User from Role" (under Admin > SAV Roles > any Role > Users), nothing happens. The Browser conso...
Transfer of timebound role in case job fails
Hi Team,Recently our saviynt account import job(DB connection) failed with some duplicate entry error. On checking the issue, we did not find any duplicate entry. There were some timebound roles assigned to users, when the job failed it deleted all t...
Sav Role with minimum SOD feature
Hi All,We have client requirement where we need minimum features of a SAV role that allows user to take action on any SOD Violation from SOD workbench irrespective of risk owner(like admin but just for risk).Let us know how to achieve this .Thanks,
Resolved! How to Filter on the Accounts for whom Access Request can be Opened
Hi,If we need to restrict he logged in user to see only a particular set of Identities only in the ARS module for whom the logged in user can raise an access request, one of the possible solutions is to build a custom SAV Role and specify the configu...
Enabling Time Bound requests for SAV Roles
Hi Guys, I've configured sav4sav connection, fetched all users and entitlements and created workflow to allow me request for SAV Roles which is working completely fine however when I'm trying to enforce asking for Start Date End Date while Requests f...
How do I view members of an AAD group with a minimum privileges SAV ROLE?
Hello,We want all users to be able to see all Azure AD AAD group members (i.e. Account associated with each Entitlement).Many of our users have an end user SAV ROLE that can only login and Certification, and we feel that we need to grant privileges t...
Users not able see pending tasks
We have created a new savrole, where user should able to see all the pending and completed tasks in the system and take action on them. I have below permissions added and when user clicks on pending/completed tasks he sees "No data available". Please...
SAV Role does not work for one user, but works for other
What is the possible cause that a particular SAV Role created to view request history for an application gives access to one user but when given to another does not reflect as expected.The other SAV Role for both users is End User.No difference in ac...
Why I cannot get Authorize Token suddenly via REST API Call?
Hello, When I call REST API to get authorize token. it return HTTP 405 Not Allowed. But I am member of ROLE_ADMIN and it worked before. see screen shot below. I am sure the username and password is correct as I can login to Admin UI.Help please! By ...
Filtering Accounts within an Access Request
Hi,The Use case is this :If there are multiple accounts associated with a single user and those accounts belong to different logical endpoints, then within the ARS module, is it possible to filter what all accounts a user can manage, i.e. Add Access ...
Resolved! SAV ROLE TO UPDATE THE ENTITLEMENT OWNERS FOR SPECIFIC ENDPOINT
Hi, i want to create a sav role which can update the entitlement owners of a specific endpoint. This sav role should only have the ability to manage the entitlement owners through UI and all other actions should be disabled. thanks for the help in ad...
ADMIN SAV ROLE READONLY
Hi Team,We have a requirement to Create 2 SAV Roles.1st SAV role will be a 'Admin Readonly' role that will allow Read only access to all the modules of saviynt.2nd Sav role will be used to provide Admins some features using which they can perform day...
Facing issue in creating username generate rule
Hello,We are facing an issue while creating the username using the username generation rule. Below is the advanced configuration we are usingCONCAT(LOWER(LEFT(users.firstname, 1)),LOWER(LEFT(users.middlename, 1)),LOWER(LEFT(users.lastname, 1)),LPAD(F...
Entitlement Owner Update SAV Role
Hi,Trying to create an SAV Role for updating the entitlements owners for all the endpoints. But it's displaying only one specific endpoint entitlement.No difference between the endpoint configuration.SAV Role Future Access:Any leads will be greatly a...
Resolved! Would like to have separate SAV_ROLE feature access to manage service account user lifecycle
Would like to know separate SAV_ROLE feature access to manage service account user lifecycle. Right now, we are relying on SAV_ADMINs for managing Service accounts. We would like to create a separate role for managing (creating/deleting/updating) Ser...
Resolved! [EIC] How to show Count value for Pending Access & Pending Certification on Hompage?
Hi, now i'm adjusting SAV ROLES for Restrict ROLE_ENDUSER to minimum access as below on EICI can't find difference of feature access for show My Pending Access and Pending Certifications.ROLE_ADMIN : Can see above two values in hom page.ROLE_ENDUSER ...
Resolved! Analytics for SAV Role Assignment
We want to create an analytic to generate a report which shows which users are assigned to which SAV role. But I am unable to find any table in data analyser where SAV role name is an attribute.How can I create such an analytic?
Resolved! Custom SAV role for APIs - Analytics and entitlement/role creation and updation
Hello Team,Which features/web service access are necessary for an SAV role for a user who is going through APIs for getting back analytics results and creating/updating entitlements/roles? We've been trying to add these ourselves but can't find the l...
Not able to change password from API
Dear community, We have created an user in Saviynt with the aim to be used with API to change user passwords. This user has been set the password by an admin account through API and we have set the localauthenabled and passwordexpired properties with...
Resolved! Copy of EndUser Sav_role not working with similar permissions
Hi All,I created a copy of sav_role "ROLE_SAV_ENDUSER" and expected it work with similar permissions but it doesn't.For example as soon i login I get an error "Access Denied"Something I should be doing more than just copying the role?
