Hi,
We have a requirement to create a SAV Role in Saviynt v23.8, so that its members can access the Analytics module to strictly perform only the following tasks:-
1) View & Download V2 Analytics Reports History.
2) Run only the Custom Analytics Reports defined inside the 'Analytics' section of the SAV Role. Dry Run and Run History are optional.
Here are the restrictions on its members within the Analytics module:-
1) Members should not be able to create, modify, delete, schedule the Custom Analytics Reports configuration and query.
2) Members should not be able to run (and should not create, modify, delete, schedule) any OOTB Analytics Reports.
PFA the extract of the custom SAV Role Role_AHM_Analytics that we created to conform to the above requirement. This SAV Role has been able to meet all above requirements, plus the following couple of extra privileges:-
1) Members are able to schedule both OOTB and Custom Analytics Reports.
2) Members are able to delete the Custom Analytics Reports.
Both of these extra privileges available to this SAV Role members are of major concerns, as the members should strictly not be able to delete or schedule any reports. We could not test if the members are able to delete even the OOTB Analytics Reports, for obvious reasons.
Feature Access configured on the custom Role_AHM_Analytics SAV Role:-
Analytics Configuration
Analytics Dashboard
Analytics History Details
Home
Runtime Analytics History Details
Show Analytics Control List
Show Analytics Control List in Merged View
Show Analytics Flat History
Show Analytics History
Show Analytics Run History
Hence, kindly review the configuration details of this Custom SAV Role Role_AHM_Analytics, and suggest changes so that the 'Delete Analytics' and 'Schedule Analytics' privileges are removed from its users.
