
Sav Role - Access to Endpoints

Community_User
Saviynt Employee
Originally posted on March 27 2020 at 11:57 UTC

Hi, I would like to configure a Sav Role that can only request for a specific application (e.g. AD Acme) for the users in his perimeter.

By checking the SAV Role configurations, I know there's an 'Access to Endpoints' configuration, which I filled in as below:

image

However, once I logged in with one of the users having this SavRole, I am still able to see the other endpoints (as they match the respective endpoints' 'Access Query').

image



Therefore, can someone enlighten me on what the 'Access to Endpoints' configuration is helpful for? I read this in the documentation:

image


Thanks,


SSM Version: 5.4.0

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.

Community_User
Saviynt Employee
Originally posted on April 2 2020 at 14:42 UTC

The "Access to Endpoints" configuration in the SAV role is to provide access to a selected list of endpoints while raising a request. However, if the user is a delegatee for another user having a different SAV role, then he will be able to access the endpoints listed in the 'Access To Endpoint' field of both the SAV roles.


Feel free to reach out in case further information is required.

Community_User
Saviynt Employee
Originally posted on April 2 2020 at 15:54 UTC

Hi Sayli,


Does the "Access to Endpoints" configuration provide access to the listed endpoints while raising a request for self, or does it also apply to the users in the 'Whom to Request' when a user having this SAV role is requesting access "for others"?

Community_User
Saviynt Employee
Originally posted on April 4 2020 at 14:20 UTC

Hey guys,


Even I have the same issue as Adrien. I still see all endpoints even though I have just mentioned 2 Endpoints for a SAV role.


Please do provide your valuable inputs.


Thank you!

Community_User
Saviynt Employee
Originally posted on April 8 2020 at 12:45 UTC

Another question coming from customers is how to configure a SAV Role so that users can only approve requests for a particular endpoint?

Community_User
Saviynt Employee
Originally posted on April 8 2020 at 15:57 UTC

As simple as the screenshot below, the 'One Level Down the Hierarchy' setting works fine.


image


Community_User
Saviynt Employee
Originally posted on April 21 2020 at 17:08 UTC

Hi Adrien, currently we don't have an option to allow users to approve requests for a particular endpoint.

Community_User
Saviynt Employee
Originally posted on May 25 2020 at 10:27 UTC

Hi Adrien/Pratith,

You can use an access query as shown below to restrict the applications based on a specific SAV Role of the requestor:


WHERE ${requestor.id} IN (SELECT DISTINCT us.userkey FROM User_savroles us JOIN SavRoles sr ON us.rolekey=sr.rolekey WHERE sr.rolename='ROLE_IT HELP DESK')


Thanks,

Rajesh
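
How the role-membership test in the access query above evaluates, as an added example that is not part of the original thread and not Saviynt's own code: it recreates only the two tables and columns named in the query in an in-memory SQLite database with constructed rows, and binds a parameter where Saviynt substitutes `${requestor.id}`. The role `ROLE_ENDUSER`, the user keys and the function names are assumptions made for illustration.

```python
import sqlite3

# The subquery from the post; the first "?" stands in for Saviynt's
# ${requestor.id} substitution, the second for the role name literal.
ROLE_GATE = """
SELECT ? IN (
    SELECT DISTINCT us.userkey
    FROM User_savroles us
    JOIN SavRoles sr ON us.rolekey = sr.rolekey
    WHERE sr.rolename = ?
)
"""

def build_sample_db():
    """In-memory stand-in holding only the columns the query references (constructed rows)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE SavRoles (rolekey INTEGER PRIMARY KEY, rolename TEXT NOT NULL);
        CREATE TABLE User_savroles (userkey INTEGER NOT NULL, rolekey INTEGER NOT NULL);
        INSERT INTO SavRoles VALUES (1, 'ROLE_IT HELP DESK'), (2, 'ROLE_ENDUSER');
        -- user 101: help desk only; 102: end user only; 103: both roles
        INSERT INTO User_savroles VALUES (101, 1), (102, 2), (103, 1), (103, 2);
    """)
    return db

def requestor_passes(db, requestor_id, rolename="ROLE_IT HELP DESK"):
    """True when the requestor holds the SAV role the access query gates on."""
    (hit,) = db.execute(ROLE_GATE, (requestor_id, rolename)).fetchone()
    return bool(hit)

def visible_to(db, requestor_ids, rolename="ROLE_IT HELP DESK"):
    """Subset of requestors for whom the gated endpoint would match the query."""
    return [r for r in requestor_ids if requestor_passes(db, r, rolename)]

if __name__ == "__main__":
    db = build_sample_db()
    for rid in (101, 102, 103, 999):
        print(rid, "passes" if requestor_passes(db, rid) else "filtered out")
    # The role name is matched as a literal: a misspelt name matches nobody.
    print(visible_to(db, [101, 103], "ROLE_IT HELPDESK"))
```
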