05/30/2022 04:34 AM
05/30/2022 04:40 AM - edited 05/30/2022 04:51 AM
Greetings.. Yes.. This is possible.. You can create a read only sav role for all identity objects.. You create a SAV role by navigating to Admin-->SAV role-->create SAV role.. After creating the new role if you open the default page there will be a parameter called "Readonly role". by enabling this you can make the corresponding SAV role read only. Please follow the below document for any clarifications. https://saviynt.freshdesk.com/support/solutions/articles/43000639271-creating-and-managing-custom-sa...
Thanks and regards,
05/30/2022 04:51 AM - edited 05/30/2022 05:06 AM
Yes, you can create a new SAV Role with Read only access Navigate to Admin->SAV Roles-> Create SAV Role-> Create New Role or Copy Existing Role.
Once you click on Create SAV Role you will get a dialog box with 2 option either you can create a new or can copy an existing one.
Once you click on create /copy existing one and enter the required details you will see the SAV role detail page with a toggle button " Readonly Role" , you need to enable this.
Please refer : Creating and Managing Custom SAV Roles : Customer Portal (freshdesk.com)
06/01/2022 03:30 AM
Thank you for the solution.
I had created a new SAV ROLE in my lower environment with the copy of Role admin ,enabled READ only option as shown in the below attachments, when i logged in as a user credentials I couldn't able see the data in any of objects like
ex: end points/connections i found like no records were found instead of actual data(please see the attached for reference)
06/01/2022 03:50 AM - edited 06/01/2022 03:54 AM
Please add your user in the users tab of the SAV Role and other needed access in the "Access" tab
06/01/2022 04:19 AM
I already added the user and coming to access tab we had taken the copy of existing sav role(ROLE_ADMIN)
can you please let me know if any info is required
06/01/2022 04:18 AM
Hi @kalyant ,
This is because the security model of these modules is different from the general. Only ROLE_ADMIN by default can see all the endpoints,connections,rules etc. Any other SAV Roles (even the copy of ROLE_ADMIN with a different name or a Read only type copy of ROLE_ADMIN) will not be able to see these objects.
In order to see the Connections and their associated Endpoints/Security systems, you will need to add the Default SAV Role on the connection as below:
For Rules, you will need to add owners to the rules and provide the owners access to the rule view/edit page for them to be able to see the rules.
06/01/2022 09:09 AM
Hi Sahaj ,
We have tried using default Sav role but we are using that option for some other business requirement .would it be possible to create custom save role with read access to all objects.
06/01/2022 02:26 PM
In order to be able to view the Security Systems/Endpoints and its associated accounts using a custom SAV Role, you have to populate the Default SAVRole at the connection level.
Try adding the custom savrole that you have created in the one of the connection and you should be able to see the details for the security system.
There is no other way to use custom savroles to view "all objects" in my opinion.