Click HERE to see how Saviynt Intelligence is transforming the industry. |
04/12/2022 01:12 PM
Anybody has any idea about the different types of roles in Saviynt?
And how are they to be used or what are their purposes?
I understand Enterprise roles and Firefighter roles, and they are the only ones that can be requested through ARS.
What are the other role types and how are they to be used?
Solved! Go to Solution.
04/12/2022 02:33 PM
Just covered this today in the level 200 training! The Entitlement type is only used with AD connector, with a relatively new feature that lets you provision groups into AD based on roles you set up. Enterprise and Application are very similar with a few differences: Application can contain entitlements from one endpoint. Enterprise can contain entitlements from multiple endpoints. Enterprise request is a different tile on the dashboard and the customer sees a list of available enterprise roles (but this can be filtered). Applicaiton roles are requested like any other entitlement, after they choose the application to request from. Firefighter is for short term, time limited emergency access. That means the entitlement is removed after a configured time.
Enabler is the old way to do an Entitlement Role for AD group/role creation, but it will be deprecated eventually.
More data here:
https://saviynt.freshdesk.com/support/solutions/articles/43000431785-creating-roles
04/12/2022 02:33 PM
Thank Jim. That was good information. And I think what you explained should be incorporated in the article.
There are many aspects and features to the SSM which are not available in documentation. This leads to customers not using them because you don't know what you don't know.
But thanks for the quick reply and explanation.
04/12/2022 02:33 PM
We'll get the documentation updated with the info.
04/12/2022 02:33 PM
any updates?
04/12/2022 02:33 PM
Hi all it's been 2 years and the following information has NOT been updated in the Saviynt Knowledge doc:
The Entitlement type is only used with AD connector, that lets you provision groups into AD based on roles you set up.
Enterprise type roles allow entitlements from multiple endpoints.
Application type roles allow ONLY entitlements from a Single endpoint.
Firefighter type roles are for short term, time limited emergency access. That means the entitlement is removed after a configured time.
Enabler is the old way to do an Entitlement Role for AD group/role creation, but it will be deprecated eventually. 2 years and this is still an option? When will it no longer be on the dropdown?