Click HERE to see how Saviynt Intelligence is transforming the industry. |
04/12/2022 12:56 PM
Hi, I would like to configure a Sav Role that can only request for a specific application (e.g AD Acme) for the users in his perimeter.
By checking the SAV Role configurations, I know there's a 'Access to Endpoints' configuration, which I filled as below :
However, once I logged-in with one of the users having this SavRole, I am still able to see the other endpoints (as they match the respective endpoints' Access Query').
Therefore, can someone enlight me on what 'Access to Endpoints' configuration is helpful for ? I read this in the documentation :
Thanks,
SSM Version : 5.4.0
Solved! Go to Solution.
04/12/2022 01:56 PM
The "Access to Endpoints" configuration in SAV role is to provide access to selected list of endpoints while raising a request. However, if the user is delegatee for the other user having different SAV role then he will be able to access the endpoints listed in 'Access To Endpoint' field of both the SAV roles.
Feel free to reach in case further information required.
04/12/2022 01:56 PM
Hi Sayli,
Is the "Access to Endpoints" configuration provide accesses to the listed endpoints while raising a request for self or does it apply also for the users in the 'Whom to Request' when a user having this SAV role is requesting access "for others" ?
04/12/2022 01:56 PM
Hey guys,
Even i have the same issue as Adrien. I still see all endpoints even though i have just mentioned 2 Endpoints for a SAV role.
Please do provide your valuable inputs.
Thank you!
04/12/2022 01:56 PM
Another question coming from customers is how to configure a SAV Role so that users can only approve requests for a particular endpoint ?
04/12/2022 01:56 PM
As simple as below screenshot, the 'One Level Down the Hierarchy' settings works fine.
04/12/2022 01:56 PM
Hi Adrien, Currently we don't have an option to allow users to approve requests for a particular endpoint
04/12/2022 01:56 PM
Hi Adrien/Pratith,
You can use access query as shown below to restrict the applications based on a specific SAV Role of the requestor
WHERE ${requestor.id} IN (SELECT DISTINCT us.userkey FROM User_savroles us JOIN SavRoles sr ON us.rolekey=sr.rolekey WHERE sr.rolename='ROLE_IT HELP DESK')
Thanks,
Rajesh