Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Specify different scope for the various Request tiles within Saviynt

Go to solution
Community_User
Saviynt Employee
Saviynt Employee

‎04/12/2022 01:10 PM

Originally posted on June 12 2020 at 11:27 UTC

Saviynt allows controlling for whom a user can request access for. This is controlled via "Whom to Request" option in the SAV Role. This option control access to below mentioned tile -

- RequestAccessforOthers

- RequestAccessOthersMultiUser

- UpdateUserRequest

- ViewExistingAccess

- OneClickDisableUser


Up until the 5.5 base version, the system applied the same scope to all the tiles. If you say request access for your direct reports then this will be applied to all the tiles mentioned above.


From 5.5 SP2 onwards there is an ability to specify the scope specific for each of the tile. Saviynt has introduced an HQL based advance config which allows you to specify the scope for each of the tiles.

Here is a sample of the advance config -

[ {"for":"RequestAccessforOthers,RequestAccessOthersMultiUser,UpdateUserRequest","query":"select a from Users a where a.id < 100000"},

{"for":"ViewExistingAccess","query":"select a from Users a where a.id='${users.id}'"},

{"for":"OneClickDisableUser","query":"select a from Users a where a.id='${users.id}' or a.manager='${users.id}'"}

]


Refer to the attached document for the details.

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.
0 Kudos
2 REPLIES 2

Go to solution
Community_User
Saviynt Employee
Saviynt Employee

‎04/12/2022 02:30 PM

Originally posted on June 13 2020 at 04:35 UTC

Thanks Nitin.

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.
0 Kudos

Go to solution
Community_User
Saviynt Employee
Saviynt Employee

‎04/12/2022 02:30 PM

Originally posted on May 4 2021 at 07:21 UTC

Hi Nitin,


Can we use advance filter to restrict users from scope in Delegates and Modify Approvers? I used something like this below:-

[{"for":"RequestAccessforOthers,RequestAccessOthersMultiUser,UpdateUserRequest,RequestEnterpriseRoles,ViewExistingAccess,CreateDelegates,ModifyApprovers","query":"select a from Users a where a.username not in ('admin','SaviyntSupportAgent1','SaviyntSupportAgent2','SaviyntSupportAgent3','systemadmin')"}]


But in the create delegates screen, I am still seeing admin users. Any pointers will help here?


Regards,

Yashpal

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.
0 Kudos
Copyright © 2024 Khoros, LLC