
Custom SAV role: Access denied

Marcel
New Contributor III

Hi all,

As a new Saviynt customer, we are still trying to figure out the tool, and are eager to learn. Because of this, we are also trying out different things, and thus running into multiple challenges. Most of them we can handle with the training videos and information on Freshdesk.

We are trying to create a SAV role that allows an IT support employee to only change the phone number of a user using the "Update User Request" functionality. Two Feature Accesses have been added:
- Home
- Update User Request

This automatically added three Web Service Accesses:
- pmgmt_passwordResetAPIUser
- pmgmt_resetAPIUserPassword
- apiv5fetchCertificationList

When logging in as a user with this role, we can see and click the tile called "Update User Request". Doing so will show us the list of all users. We select one user and click "Next", but then we get a message "Access Denied".

I've tried looking on Freshdesk and in the training videos, but I cannot find how to debug this issue, and to find the reason why we are getting this "Access Denied" message. Can someone explain to me how I can find the reason for this?

With kind regards,
Marcel

12 REPLIES

rushikeshvartak
All-Star

Check in the browser developer logs which API is giving the 403 error. Additionally, please share the SAV role configuration.


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
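
One way to carry out the check suggested above, as an added example that is not part of the original thread and not Saviynt code: export the browser's network log as a HAR file and list every request that looks denied. It also flags responses that carry the "Access Denied" text without a 401/403 status, which is an assumption about how a page may surface the denial; the host name and the two non-theme paths in the sample are constructed.

```python
import base64
import json
from urllib.parse import urlsplit

DENIAL_STATUSES = {401, 403}
DENIAL_MARKER = "access denied"  # UI message from the thread, matched case-insensitively


def body_text(content):
    """Return a HAR response body as text, decoding base64-stored bodies."""
    text = content.get("text") or ""
    if content.get("encoding") == "base64":
        text = base64.b64decode(text).decode("utf-8", errors="replace")
    return text


def find_denials(har):
    """List (method, path, status, matched_on) for each request that looks denied."""
    findings = []
    for entry in har["log"]["entries"]:
        req, resp = entry["request"], entry["response"]
        parts = urlsplit(req["url"])
        path = parts.path + ("?" + parts.query if parts.query else "")
        if resp["status"] in DENIAL_STATUSES:
            findings.append((req["method"], path, resp["status"], "status"))
        elif DENIAL_MARKER in body_text(resp.get("content", {})).lower():
            # Assumption: the denial may be rendered in a page that is not a 401/403.
            findings.append((req["method"], path, resp["status"], "body"))
    return findings


# Constructed sample HAR: hypothetical host and paths, except the theme.json
# request, which is the one 403 reported in the thread.
HOST = "https://saviynt.example.test"
DENIED_PAGE = base64.b64encode(b"<h1>Access Denied</h1>").decode("ascii")
SAMPLE_HAR = {"log": {"entries": [
    {"request": {"method": "GET", "url": HOST + "/file?path=/app/usr/theme.json"},
     "response": {"status": 403, "content": {"text": ""}}},
    {"request": {"method": "GET", "url": HOST + "/hypothetical/user-list"},
     "response": {"status": 200, "content": {"text": "<table>users</table>"}}},
    {"request": {"method": "POST", "url": HOST + "/hypothetical/update-user/next"},
     "response": {"status": 200,
                  "content": {"encoding": "base64", "text": DENIED_PAGE}}},
]}}

if __name__ == "__main__":
    # For a real capture, replace SAMPLE_HAR with json.load(open("export.har")).
    for method, path, status, matched_on in find_denials(SAMPLE_HAR):
        print(f"{status} {method} {path} (matched on {matched_on})")
```

Each path it reports can then be compared with the URLs of the Web Service Accesses attached to the SAV role.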

Marcel
New Contributor III

Hi Rushikesh,
Thank you for your reply.

The only request giving 403 is

file?path=/app/usr/theme.json


Who to request. You need to allow all or at least self.


Regards,
Rushikesh Vartak

Marcel
New Contributor III

Unfortunately, that does not seem to help.
No new 403 messages appear.


Add web services

| NAME | DESCRIPTION | URL |
| --- | --- | --- |
| webservice_api_updateUser | WEBSERVICE | /api/updateUser |
| webservice_api_v5_updateUser | WEBSERVICE | /api/v5/updateUser |
| webservice_api_v5_updateUserRequest | WEBSERVICE | /api/v5/updateUserRequest |

https://forums.saviynt.com/t5/identity-governance/update-user-capability-for-sav-role/m-p/10703#M262... 


Regards,
Rushikesh Vartak

Thank you for the reply, but unfortunately nothing changed.


Please create a copy of the admin role and remove unnecessary access one by one.


Regards,
Rushikesh Vartak

Even though that would allow me to identify the problematic items, I would hope there is a better/quicker way to do this? Aren't there any logs that can help me with this?

Admin - Admin Function - Application Logs


Regards,
Rushikesh Vartak

Debug logging is enabled. What search options do I use to find this? Looking for words like "*denied*" or my username won't show the actual reason for the denial.

Can you make sure that the below web services are added?

sk_0-1671036624469.png

 


Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing a similar issue.

Marcel
New Contributor III

Thank you for the reply, but unfortunately nothing changed.
