02/22/2024 06:25 AM
We have a requirement to assign a particular sav role automatically every time, as soon as a user is provisioned with a particular endpoint. Can anyone please help to achieve my use case?
Currently in our v23.12 version I don't see the savrole table. Is it removed from this version?
02/22/2024 07:12 AM - edited 02/22/2024 07:13 AM
You can add endpoint level sav entitlement in the below tab; it will create default when endpoint request is created.
02/22/2024 07:20 AM
Hi @Diwakar, this would end up with a similar answer as your earlier post. You need to configure Sav4Sav connector/security system.
And use the setting below on the other endpoint and add the sav role entitlement here. Every time a new account is created for this endpoint, Saviynt will also create a task for sav role addition.
Thanks, Amit
If this answers your query, Please ACCEPT SOLUTION and give KUDOS.
02/22/2024 07:29 AM
@CR @AmitM Thanks for the response. Then again, I am stuck; request you to provide some info on how to convert Role/user group to an entitlement through SAV4SAV. We already have SAV4SAV created as DATABASE, so where to put this to convert role/user group to entitlement in Saviynt Endpoint?
I tried checking everywhere in forum but unable to find the complete process for the same. Any sample info would be helpful in achieving my use case.
Thanks beforehand.
Diwakar.
02/22/2024 07:44 AM
If you click on connector and share above config. This is what sets up these objects as entitlement.
And hope you have import jobs scheduled for sav 4 sav.
Thanks,
Amit
02/22/2024 08:04 AM - edited 02/22/2024 08:05 AM
Hi @AmitM,
Please find the attached config as requested, please let me know how to modify to our use case without impacting any current setup. Really appreciate your help on this.
"And hope you have import jobs scheduled for sav 4 sav" - you mean this job?
Thanks,
Diwakar.
02/22/2024 08:20 AM
Based on your config Savroles are imported as entitlement. Same can be done for user groups.
But for this forum you already have sav roles as entitlement. So follow my earlier post and add those as Entitlement with new account in your other endpoint.
On job - the one you shared a screenshot of is user import. There must be an entitlement import also; if not, that is what you need to create. Go to Saviynt 4 Saviynt endpoint and see if you can find ents there.
02/22/2024 08:43 AM
@AmitM Thanks for your response, I checked Saviynt4Saviynt endpoint but entitlement in that endpoint is empty.
You mean, we need to create separate job for entitlement import under below category to import SAV roles as entitlements?
Thanks,
Diwakar.
02/22/2024 08:58 AM
@Diwakar do you have sav roles list? All roles have minimum 2 users; if not, please add it, run access import job.
02/22/2024 09:21 AM
Correct, create the job if there is not one already and run.
02/22/2024 10:11 AM - edited 02/22/2024 10:58 AM
@AmitM @CR I have created the job and ran it, and managed to import all sav roles as entitlements to the Saviynt endpoint. However, when we map the same to the existing ADM endpoint like this
and then tested on one account, we can now see a Saviynt security system task has triggered as new account?
Is this the expected outcome? If yes, then we don't want to get this account provisioned separately; we only want to add the one SAV role which we linked as entitlement in the ADM endpoint. Please suggest!
02/23/2024 05:59 AM
@AmitM Any further suggestion on this please?
Please be informed we are not assigning Saviynt endpoint as default to all users. So how will converting SAV role to entitlement from SAV4SAV connector work?
02/22/2024 07:51 PM
02/23/2024 12:13 AM
@rushikeshvartak Want to go with option 5. Can you please help to provide enhanced query to insert into savroles_users table?
Our requirement is to insert those users into one of the SAV role where user is provisioned with ADM endpoint. Not able to find suitable query for this.
02/25/2024 10:55 AM
select 100 as user_savroles__userkey, 1 as user_savroles__rolekey from user_savroles
Join with accounts, user_accounts table to do proper insert.
First try above query if it works.
02/25/2024 11:52 PM
@rushikeshvartak I tried but it gave below error:
Request your help to please provide complete insert query that can be used in enhance query execution job with below requirement:
*Insert those users into one of the SAV role where user is provisioned with ADM endpoint.*
02/26/2024 12:06 AM
@Diwakar @rushikeshvartak Below tables are restricted in Enhanced query update due to inherent constraint:
user_accounts
user_savroles
@Diwakar you need to insert query as per your requirement and include in s4s (cloud) connection. Sample:
INSERT INTO USER_SAVROLES(USERKEY,ROLEKEY) VALUES(${user.id},(select rolekey from savroles where rolename = ( select entitlement_value from entitlement_values where entitlement_valuekey = ${task.entitlement_valueKey.id})))
02/27/2024 02:40 AM
@CR I believe insert operation is moved to enhanced query job in latest Saviynt version, can you please provide query based on the latest job? Below is the sample given in job.
02/27/2024 03:14 AM
We can insert, but into the above table we can't insert; it is restricted.
02/27/2024 03:54 AM
@CR Then may I please request you to provide an enhanced query that can work in the current version to insert users into one of the sav roles? This is all I have been requesting, to fulfill my requirement.
02/27/2024 06:39 AM
@Diwakar insert is not supported to user_savroles table using enhanced Query
02/27/2024 07:56 AM
@rushikeshvartak Then, may I please know how you suggested below option 5 through enhanced query? I am more focused on this approach as it's simpler to achieve without making changes to existing configuration.
02/27/2024 08:03 PM
I have overlooked documentation 😑 https://docs.saviyntcloud.com/bundle/EIC-Admin-v23x/page/Content/Chapter10-Job-Control-Panel/Job-Cat...
02/26/2024 07:49 PM
Which connector is used by ADM endpoint?
02/27/2024 02:35 AM
@rushikeshvartak It's the same AD connector which is used for ADM endpoint. Please provide the insert query for SAV roles with endpoint condition.
02/27/2024 06:37 AM
Use Entitlement Map concept. Attach Saviynt endpoint entitlement as mapped entitlement under AD entitlement.
02/28/2024 07:55 AM
@rushikeshvartak We did the mapping to the AD entitlement, however the add task for SAV role is only triggering for AD groups managed by Saviynt. When we tested with an AD group which is not managed by Saviynt, the task is not triggering; we wanted to trigger the same for AD groups not managed by Saviynt.
Let me know if it's possible. If not, please suggest an alternative approach.
02/28/2024 07:57 PM
What is AD Managed vs Saviynt managed group?
02/28/2024 10:33 PM
@rushikeshvartak That means we have some AD groups where provisioning is done by Saviynt, and we have other AD groups which we are just importing through the AD account Import job, with access not provisioned by Saviynt.
So the SAV role is only triggering for AD groups which are provisioned by Saviynt; it's not triggering for those groups where access is not provisioned by Saviynt. Hope that clarifies.
So please suggest how to auto trigger the SAV role for AD groups where access is not provisioned by Saviynt.
Thanks,
Diwakar.