Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon

SAV Roles

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on May 8 2020 at 12:55 UTC

Other than ROLE_ADMIN, none of the SAV roles noted in the following article exist in our environment. How do we get these in our environment? If we have to make them manually, what permissions are required? I don't see any documentation of that.


https://saviynt.freshdesk.com/support/solutions/articles/43000432075-sav-role-administration

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.
15 REPLIES 15

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on May 11 2020 at 07:32 UTC

Hi Adam


WIth new version of SSM we create only one default SAV ROLE i.e. ROLE_ADMIN. All other SAV ROLES as mentioned on the doument are supported provided we configure them with required access and configs.


ROLE_UIADMIN is the reserved SAV ROLE, and user with this role would be able to edit labels for the pages or options the user have access to provided via access tab on the SAV ROLE details page.


ROLE_USER/ROLE_MANAGER: This are the persona based SAV ROLES i.e. normal user and manager. Where in USER can have limited access to make requests and manager would have access to make requests for themselves and their subordinates, check delegates and own items. This are controlled via config, access and "createrequesthome".


ROLE_READONLY: This is the SAV ROLE which can be created to have user read only access for the pages provided access via access tab and for whom read only flag is enable on SAV ROLE details page.


We would get the documentation also updated for this.


Thanks

Ajay

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on May 11 2020 at 15:45 UTC

So how do we get these setup in our environment? It sounds like it is something that needs to be done by Saviynt if I'm reading this correctly.

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on May 11 2020 at 16:06 UTC

Hi Adam,


This SAV ROLE can be created by administartor usually with SAV ROLE ROLE_ADMIN.


Thanks

Ajay

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on May 11 2020 at 16:29 UTC

So just waiting on the updated documentation at this point to show what all permissions each SAV role actually needs. Once that is updated I should be able to create these roles in our environment.

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on September 22 2021 at 11:13 UTC

Hi,


For below requirement how can we configure, please comment if have any solution-

-If we assign ROLE_READONLY to user then user can view admin tabs and cant perform any operation

-Even user is unable to view/download the report

-The requirement is that user should have Read only admin access to admin tab and should be able to view/download the analytics report


Please revert with any solution.


Thanks,

Amit

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on September 22 2021 at 17:11 UTC

Amit,


You can create a new SAV Role which is similar to the READONLY role but has additional access to the Analytics tab and then try.


There is no OOB role or configuration that allows you to do what you are looking for.




Regards,

Avinash Chhetri

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on September 23 2021 at 12:19 UTC

Hi Avinash,

 

We have tested in dev and current READONLY sav role it has all the permissions added related to analytics. It is not allowing to perform analytics related operation and that is due to ReadOnly check box of role. We have disabled the checkbox which works but will loose the actual purpose of this role.

 

Let us know your comments on this.


Thanks

Amit

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on September 24 2021 at 18:39 UTC

Amit,


I'd suggest to create a different SAV Role that just has access to perform the operations in the Analytics module and use that as a separate (auxiliary) role




Regards,

Avinash Chhetri

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on September 27 2021 at 04:59 UTC

Hi Avinash,

We have created different SAV role that just has access to perform the operations in the analytics module and used that separately. User is still unable to view and download the report.

Below are the roles assigned to user,


image


Could you please update us with any other way to achieve use case.


Thanks,

Amit



 

 

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on September 27 2021 at 19:31 UTC

Amit,


You would need to troubleshoot to figure out why it is not working. Anything you see in the logs that might help you narrow down your issue ?

Is the SAVRole that the user already has overriding access to other SAVRoles ?



Regards,

Avinash Chhetri

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on September 28 2021 at 12:45 UTC

Hi Avinash,


We have created different SAV role that just has access to perform the operations in the analytics module and it override access to existing role i.e. READONLY_ADMIN role.


We could not see anything in the error log. Also, we do not have access to debug log so cant see there.


Please suggest if you would like us not override the SAV roles ?


Thanks,

Amit

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on September 28 2021 at 12:46 UTC

Hi Avinash,


We have created different SAV role that just has access to perform the operations in the analytics module and it override access to existing role i.e. READONLY_ADMIN role.

 

We could not see anything in the error log. Also, we do not have access to debug log so cant see there.

 

Please suggest if you would like us not override the SAV roles ?

 

Thanks,

Amit

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on September 28 2021 at 22:00 UTC

Amit,


Without the logs it would be difficult to troubleshoot issues. logs have a wealth of information that helps to pinpoint the issue.

Here's something you can try, if you assign a user two SAV Roles,  Role Admin and ReadOnly Admin (ReadOnly value checked), which takes preference ?



Regards,

Avinash Chhetri 

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on September 29 2021 at 05:52 UTC

Hi Avinash,


We have assigned 2 SAV Roles to test user- Role_Admin and Role_READOnly_Admin(readonly checked). We observed that  Role_READOnly_Admin role is taking preference over Admin role which does not allow us to perform operation.


We could not see anything in the error logs.


Thanks,

Amit 

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on September 29 2021 at 16:44 UTC

Amit,


Probably that is what is happenning to your implementation, the Auxiliary Role for the Analytics is being "supressed" because you have a ReadOnly role also in use for the user.

However, I'd try and do similar test with the Auxiliary role and the regular EndUser SAVRole before coming to a conclusion.




Regards,

Avinash Chhetri





This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.