Click HERE to see how Saviynt Intelligence is transforming the industry. |
12/14/2022 12:41 AM
Hi all,
As a new Saviynt customer, we are still trying to figure out the tool, and are eager to learn. Because of this, we are also trying out different things, and thus running into multiple challenges. Most of them we can handle with the training video's and information on Freshdesk.
We are trying to create a SAV role that allows an IT support employee to only change the phone number of a user using the "Update User Request" functionality. Two Feature Accesses have been added:
- Home
- Update User Request
This automatically added three Web Service Accesses:
- pmgmt_passwordResetAPIUser
- pmgmt_resetAPIUserPassword
- apiv5fetchCertificationList
When logging in as a user with this role, we can see and click the tile called "Update User Request". Doing so will show us the list of all users. We select one user and click "Next", but then we get a message "Access Denied".
I've tried looking on Freshdesk and in the training video's, but I cannot find how to debug this issue, and to find the reason why we are getting this "Access Denied" message. Can someone explain to me how I can find the reason for this?
With kind regards,
Marcel
12/14/2022 03:39 AM
Check on browser developer logs which api is giving 403 error. Additionally please share sav role configuration
12/14/2022 04:03 AM
Hi Rushikesh,
Thank you for your reply.
The only request giving 403 is
file?path=/app/usr/theme.json
12/14/2022 04:19 AM
Who to request . You need to allow all or atleast self
12/14/2022 05:44 AM
Unfortunately that does not seem to help
No new 403 messages appear
12/14/2022 05:59 AM - edited 12/14/2022 09:39 AM
Add web services
NAME DESCRIPTION URL
webservice_api_updateUser | WEBSERVICE | /api/updateUser | |
webservice_api_v5_updateUser | WEBSERVICE | /api/v5/updateUser | |
webservice_api_v5_updateUserRequest | WEBSERVICE | /api/v5/updateUserRequest |
12/14/2022 11:34 PM
Thank you for the reply, but unfortunately nothing changed.
12/15/2022 04:12 AM
Please create copy of admin role and remove unnecessary access one by one
12/15/2022 04:53 AM
Even though that would allow me to identify the problematic items, I would hope there is a better/quicker way to do this? Aren't there any logs that can help me with this?
12/15/2022 04:57 AM
Admin- Admin Function - Application Logs
12/15/2022 05:12 AM
Debug logging is enabled. What search options do I use to find this? Looking for words like "*denied*" or my username won't show the actual reason for the denial.
12/14/2022 08:50 AM
Can you make sure that below web services are added?
12/14/2022 11:34 PM
Thank you for the reply, but unfortunately nothing changed.