Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon

Hide the Remove Account button on ARS page for End user and show to only Admin User

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on November 4 2020 at 06:34 UTC

Hi,


We have a requirement where we want to show the remove account option for endpoint only to Admin user and not to end user. End user will see only Add and modify account option. In Endpoint we have the option to Disable Remove account but it will disable that operation for all users.


How we can show/hide the remove account conditionally in ARS page.


Regards,

Anjali

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.
4 REPLIES 4

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on November 4 2020 at 07:24 UTC

Hello,


This is currently not possible. We'll add it to our product backlog. Are you also looking at this for specific accounts or endpoints or removing it from all accounts for an end user? Another question would be, is it specific to request for others or when you request for yourself?


Regards,

Aditya

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on November 4 2020 at 07:56 UTC

We want this on specific application basis and for End users. It's for others as well for self.

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on August 25 2021 at 20:38 UTC

Is this completed and part of Saviynt now? We need this for our customer.

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on August 26 2021 at 07:14 UTC

A workaround would be to reject the request for end users in the Approval Workflow.

Meaning end users can still perform the action but no action would be taken in the target system.


To implement this, you can add a If/Else condition block, that targets the SAV Roles of the requestor.

 

requestedby.authorities.collect { it.authority }.contains("ROLE_ENDUSER")


You can combine this with checking if the request is a REMOVE ACCOUNT operation : 

DELETE_ACC_REQUESTS_COUNT = 1 in the Request Access Map as sample below :

 

[NEW_ACC_REQUESTS_COUNT:0, ADD_ACCESS_REQUESTS_COUNT:0, REMOVE_ACCESS_REQUESTS_COUNT:0, MODIFY_ACC_REQUESTS_COUNT:0, DELETE_ACC_REQUESTS_COUNT:1]


Above sample checks if the requestor has the ROLE_ENDUSER in his SAV Roles.

You can adjust this to your requirements and then link it to a "Reject Access".


Finally, you can let the end users know that they should not use this feature and that no action will be performed if such attempt happens.


Hope this helps you achieve your requirements !

Regards.

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.