Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon

Time based Request Application Role

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on October 18 2021 at 12:14 UTC

Hello Team,


We have a requirement where customer has created Application Roles and looking forward for a requirement to make this role time based.


Customer has various roles in environment which is configured to be allowed for 1 year or 6 months.


1. There is a config name Default Time Frame on Roles. Can you please help in understanding the usage of the same?

2. I have configured 720 (30 Days) on this parameter, but what I see that there is no restriction on End Date and I can make a request for more than specified Date? Is this parameter to behave in this way?

3. If not, Can you please confirm how can I enable a maximum allowed time frame for the role?


Customer is looking for a popup message or restriction in case there is violation.


Assistance needed.

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.
3 REPLIES 3

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on October 18 2021 at 20:37 UTC

Manish,


As far as I know, there are no provisions for making Application Roles time based in a true sense. These are only applicable for Emergency Role (Fire Fighter Roles). 

In Emergency Roles, you can provide a Default Time Frame (say 4 hours) and a Maximum Time Frame (say 8 hours) which can be configured.


You could use Enterprise Roles instead of Application Roles and configure the start date and end date as mandatory in the global configs and provide a default time frame at the role level. 

However this does not restrict the requestor to "extend" the end date since Max Time Frame is not available for even Enterprise Roles.




Regards,

Avinash Chhetri

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on October 19 2021 at 04:21 UTC

Hi Avinash,


Many thanks for the explanation.

I have used below configuration to make start date and end date mandatory for application roles also:  Ask For Start Date End Date While Adding Application Role along with Entitlements Request


Anyhow, any recommendation how can we capture this requirement? Customer has a requirement that the requested app role must have maximum validity for request for 1 year.

Also, what is the actual usage of  Default Time Frame on Application Roles?


Thanks and Regards,

Manish

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on October 27 2021 at 04:50 UTC

Hi Avinash,


Can you explain  what is the actual usage of  Default Time Frame on Application Roles & Enterprise Roles?


Thanks

Manish

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.