This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Can we prevent users from removing their birthright roles from Manage My Access

Sampo
New Contributor III
New Contributor III

‎06/08/2023 04:44 AM

Hi,

we're assigning roles to users using technical rules as birthrights.

When an enduser clicks Manage My Access link, there is an option to manage Roles and the user can choose to delete the roles that were granted as birthright roles. Is it possible to prevent the users from doing that or hide the 'Roles' section completely from Manage My Access?

best regards,

Sampo

 

Labels:
0 Kudos
4 REPLIES 4

dgandhi
All-Star
All-Star

‎06/08/2023 06:01 AM

Below post has the solution:

https://forums.saviynt.com/t5/identity-governance/requestable-role-query/m-p/36868#M20876

Is there any identification at the Role level which states whether a role is birthright role or not? If there is identification then based on that identification you can write your role query.

In our case , all the birthright roles had one role CP value as "BirthRightRole" and in Role query, we showed all the roles whose CP value was not like 'BirthRightRole' this way the birthright roles were not available for request.

Please check below config:

dgandhi_0-1686229265931.png

 

 

Thanks,
Devang Gandhi
If this reply answered your question, please click the Accept As Solution button to help future users who may have a similar problem.
0 Kudos

Sampo
New Contributor III
New Contributor III
In response to dgandhi

‎06/08/2023 12:45 PM

Hi Devang,

the Request Role Query seems to hide the roles from ARS but the roles are still visible in 'Manage My Access' page and the user has the option to try to delete it, even though the deletion will fail with "Role.Not.Requestable" error message. Ideally we'd like to hide the roles from the 'Manage My Access' page or hide the delete button that is visible for each role.

 

best regards,

Sampo

0 Kudos

KasperT
New Contributor III
New Contributor III

‎06/27/2023 03:59 AM

Hi Devang,

Any comments on Sampo's question? We tried to open FD ticket for this but they wanted us to make forum post instead. No need for new post as there is this one.

0 Kudos

DaanishJawed
Saviynt Employee
Saviynt Employee
In response to KasperT

‎07/06/2023 09:37 AM

Hi @KasperT  and @Sampo ,

For Enterprise Role, there is no such config to remove the delete button or even remove the 'Roles' part from the Manage my Access tile since it showing all the available accesses that you have.

This would be an enhancement request that you can submit on Ideas Portal - https://ideas.saviynt.com/ideas/

Thanks.

0 Kudos
Copyright © 2023 Khoros, LLC