Saviynt Forums

kalyant · ‎05-30-2022

Hi All,

Can some one help me will it be possible to create a new SAVROLE with READONLY Access to all objects in SAVIYNT like connections, endpoints, etc.

Thanks in advance

Regards,
Kalyan.

jayasudha · ‎05-30-2022

Hi Kalyan,

Greetings.. Yes.. This is possible.. You can create a read only sav role for all identity objects.. You create a SAV role by navigating to Admin-->SAV role-->create SAV role.. After creating the new role if you open the default page there will be a parameter called "Readonly role". by enabling this you can make the corresponding SAV role read only. Please follow the below document for any clarifications. https://saviynt.freshdesk.com/support/solutions/articles/43000639271-creating-and-managing-custom-sa...

Thanks and regards,

Jayasudha R

Nikitaj · ‎05-30-2022

Hi Kalyan,

Yes, you can create a new SAV Role with Read only access Navigate to Admin->SAV Roles-> Create SAV Role-> Create New Role or Copy Existing Role.

Once you click on Create SAV Role you will get a dialog box with 2 option either you can create a new or can copy an existing one.

Once you click on create /copy existing one and enter the required details you will see the SAV role detail page with a toggle button " Readonly Role" , you need to enable this.

Please refer : Creating and Managing Custom SAV Roles : Customer Portal (freshdesk.com)

Thanks
Nikita

kalyant · ‎06-01-2022

Hi Nikita/JayaSudha,

Thank you for the solution.

I had created a new SAV ROLE in my lower environment with the copy of Role admin ,enabled READ only option as shown in the below attachments, when i logged in as a user credentials I couldn't able see the data in any of objects like
ex: end points/connections i found like no records were found instead of actual data(please see the attached for reference)

Regards,
Kalyan

Nikitaj · ‎06-01-2022

Hi,

Please add your user in the users tab of the SAV Role and other needed access in the "Access" tab

Thanks
Nikita

kalyant · ‎06-01-2022

Hi Nikita,
I already added the user and coming to access tab we had taken the copy of existing sav role(ROLE_ADMIN)
can you please let me know if any info is required

Regards,
Kalyan.

sahajranajee · ‎06-01-2022

Hi @kalyant ,

This is because the security model of these modules is different from the general. Only ROLE_ADMIN by default can see all the endpoints,connections,rules etc. Any other SAV Roles (even the copy of ROLE_ADMIN with a different name or a Read only type copy of ROLE_ADMIN) will not be able to see these objects.

In order to see the Connections and their associated Endpoints/Security systems, you will need to add the Default SAV Role on the connection as below:

For Rules, you will need to add owners to the rules and provide the owners access to the rule view/edit page for them to be able to see the rules.

Regards,
Sahaj Ranajee
Sr. Product Specialist

kalyant · ‎06-01-2022

Hi Sahaj ,
We have tried using default Sav role but we are using that option for some other business requirement .would it be possible to create custom save role with read access to all objects.

Regards,
Kalyan

avinashchhetri · ‎06-01-2022

Hi Kalyan,

In order to be able to view the Security Systems/Endpoints and its associated accounts using a custom SAV Role, you have to populate the Default SAVRole at the connection level.

Try adding the custom savrole that you have created in the one of the connection and you should be able to see the details for the security system.

There is no other way to use custom savroles to view "all objects" in my opinion.

Regards,

Avinash Chhetri

Regards,
Avinash Chhetri

Saviynt Forums

Creation of new SAVROLE with READONLY access for all objects in Saviynt