Click HERE to see how Saviynt Intelligence is transforming the industry. |
04/12/2022 01:14 PM
Other than ROLE_ADMIN, none of the SAV roles noted in the following article exist in our environment. How do we get these in our environment? If we have to make them manually, what permissions are required? I don't see any documentation of that.
https://saviynt.freshdesk.com/support/solutions/articles/43000432075-sav-role-administration
Solved! Go to Solution.
04/12/2022 02:38 PM
Hi Adam
WIth new version of SSM we create only one default SAV ROLE i.e. ROLE_ADMIN. All other SAV ROLES as mentioned on the doument are supported provided we configure them with required access and configs.
ROLE_UIADMIN is the reserved SAV ROLE, and user with this role would be able to edit labels for the pages or options the user have access to provided via access tab on the SAV ROLE details page.
ROLE_USER/ROLE_MANAGER: This are the persona based SAV ROLES i.e. normal user and manager. Where in USER can have limited access to make requests and manager would have access to make requests for themselves and their subordinates, check delegates and own items. This are controlled via config, access and "createrequesthome".
ROLE_READONLY: This is the SAV ROLE which can be created to have user read only access for the pages provided access via access tab and for whom read only flag is enable on SAV ROLE details page.
We would get the documentation also updated for this.
Thanks
Ajay
04/12/2022 02:38 PM
So how do we get these setup in our environment? It sounds like it is something that needs to be done by Saviynt if I'm reading this correctly.
04/12/2022 02:38 PM
Hi Adam,
This SAV ROLE can be created by administartor usually with SAV ROLE ROLE_ADMIN.
Thanks
Ajay
04/12/2022 02:38 PM
So just waiting on the updated documentation at this point to show what all permissions each SAV role actually needs. Once that is updated I should be able to create these roles in our environment.
04/12/2022 02:38 PM
Hi,
For below requirement how can we configure, please comment if have any solution-
-If we assign ROLE_READONLY to user then user can view admin tabs and cant perform any operation
-Even user is unable to view/download the report
-The requirement is that user should have Read only admin access to admin tab and should be able to view/download the analytics report
Please revert with any solution.
Thanks,
Amit
04/12/2022 02:38 PM
Amit,
You can create a new SAV Role which is similar to the READONLY role but has additional access to the Analytics tab and then try.
There is no OOB role or configuration that allows you to do what you are looking for.
Regards,
Avinash Chhetri
04/12/2022 02:38 PM
Hi Avinash,
We have tested in dev and current READONLY sav role it has all the permissions added related to analytics. It is not allowing to perform analytics related operation and that is due to ReadOnly check box of role. We have disabled the checkbox which works but will loose the actual purpose of this role.
Let us know your comments on this.
Thanks
Amit
04/12/2022 02:38 PM
Amit,
I'd suggest to create a different SAV Role that just has access to perform the operations in the Analytics module and use that as a separate (auxiliary) role
Regards,
Avinash Chhetri
04/12/2022 02:38 PM
Hi Avinash,
We have created different SAV role that just has access to perform the operations in the analytics module and used that separately. User is still unable to view and download the report.
Below are the roles assigned to user,
Could you please update us with any other way to achieve use case.
Thanks,
Amit
04/12/2022 02:38 PM
Amit,
You would need to troubleshoot to figure out why it is not working. Anything you see in the logs that might help you narrow down your issue ?
Is the SAVRole that the user already has overriding access to other SAVRoles ?
Regards,
Avinash Chhetri
04/12/2022 02:38 PM
Hi Avinash,
We have created different SAV role that just has access to perform the operations in the analytics module and it override access to existing role i.e. READONLY_ADMIN role.
We could not see anything in the error log. Also, we do not have access to debug log so cant see there.
Please suggest if you would like us not override the SAV roles ?
Thanks,
Amit
04/12/2022 02:38 PM
Hi Avinash,
We have created different SAV role that just has access to perform the operations in the analytics module and it override access to existing role i.e. READONLY_ADMIN role.
We could not see anything in the error log. Also, we do not have access to debug log so cant see there.
Please suggest if you would like us not override the SAV roles ?
Thanks,
Amit
04/12/2022 02:38 PM
Amit,
Without the logs it would be difficult to troubleshoot issues. logs have a wealth of information that helps to pinpoint the issue.
Here's something you can try, if you assign a user two SAV Roles, Role Admin and ReadOnly Admin (ReadOnly value checked), which takes preference ?
Regards,
Avinash Chhetri
04/12/2022 02:38 PM
Hi Avinash,
We have assigned 2 SAV Roles to test user- Role_Admin and Role_READOnly_Admin(readonly checked). We observed that Role_READOnly_Admin role is taking preference over Admin role which does not allow us to perform operation.
We could not see anything in the error logs.
Thanks,
Amit
04/12/2022 02:38 PM
Amit,
Probably that is what is happenning to your implementation, the Auxiliary Role for the Analytics is being "supressed" because you have a ReadOnly role also in use for the user.
However, I'd try and do similar test with the Auxiliary role and the regular EndUser SAVRole before coming to a conclusion.
Regards,
Avinash Chhetri