and more in a single search tool across platforms. Read the announcement here. |
04/12/2022 01:10 PM
Saviynt allows controlling for whom a user can request access for. This is controlled via "Whom to Request" option in the SAV Role. This option control access to below mentioned tile -
- RequestAccessforOthers
- RequestAccessOthersMultiUser
- UpdateUserRequest
- ViewExistingAccess
- OneClickDisableUser
Up until the 5.5 base version, the system applied the same scope to all the tiles. If you say request access for your direct reports then this will be applied to all the tiles mentioned above.
From 5.5 SP2 onwards there is an ability to specify the scope specific for each of the tile. Saviynt has introduced an HQL based advance config which allows you to specify the scope for each of the tiles.
Here is a sample of the advance config -
[ {"for":"RequestAccessforOthers,RequestAccessOthersMultiUser,UpdateUserRequest","query":"select a from Users a where a.id < 100000"},
{"for":"ViewExistingAccess","query":"select a from Users a where a.id='${users.id}'"},
{"for":"OneClickDisableUser","query":"select a from Users a where a.id='${users.id}' or a.manager='${users.id}'"}
]
Refer to the attached document for the details.
Solved! Go to Solution.
04/12/2022 02:30 PM
Thanks Nitin.
04/12/2022 02:30 PM
Hi Nitin,
Can we use advance filter to restrict users from scope in Delegates and Modify Approvers? I used something like this below:-
[{"for":"RequestAccessforOthers,RequestAccessOthersMultiUser,UpdateUserRequest,RequestEnterpriseRoles,ViewExistingAccess,CreateDelegates,ModifyApprovers","query":"select a from Users a where a.username not in ('admin','SaviyntSupportAgent1','SaviyntSupportAgent2','SaviyntSupportAgent3','systemadmin')"}]
But in the create delegates screen, I am still seeing admin users. Any pointers will help here?
Regards,
Yashpal