We are delighted to share our new EIC Delivery Methodology for efficiently managing Saviynt Implementations and delivering quick time to value. CLICK HERE.

Custom SAV Role for Analytics Access - remove 'Delete' and 'Schedule' permission

ReshamDas
New Contributor II
New Contributor II

Hi,

We have a requirement to create a SAV Role in Saviynt v23.8, so that its members can access the Analytics module to strictly perform only the following tasks:-

1) View & Download V2 Analytics Reports History.

2) Run only the Custom Analytics Reports defined inside the 'Analytics' section of the SAV Role. Dry Run and Run History are optional.

Here are the restrictions on its members within the Analytics module:-

1) Members should not be able to create, modify, delete, schedule the Custom Analytics Reports configuration and query.

2) Members should not be able to run (and should not create, modify, delete, schedule) any OOTB Analytics Reports.

PFA the extract of the custom SAV Role Role_AHM_Analytics that we created to conform to the above requirement. This SAV Role has been able to meet all above requirements, plus the following couple of extra privileges:-

1) Members are able to schedule both OOTB and Custom Analytics Reports.

2) Members are able to delete the Custom Analytics Reports.

Both of these extra privileges available to this SAV Role members are of major concerns, as the members should strictly not be able to delete or schedule any reports. We could not test if the members are able to delete even the OOTB Analytics Reports, for obvious reasons.

Feature Access configured on the custom Role_AHM_Analytics SAV Role:-

Analytics Configuration
Analytics Dashboard
Analytics History Details
Home
Runtime Analytics History Details
Show Analytics Control List
Show Analytics Control List in Merged View
Show Analytics Flat History
Show Analytics History
Show Analytics Run History

Hence, kindly review the configuration details of this Custom SAV Role Role_AHM_Analytics, and suggest changes so that the 'Delete Analytics' and 'Schedule Analytics' privileges are removed from its users.

6 REPLIES 6

pruthvi_t
Saviynt Employee
Saviynt Employee

Hi @ReshamDas ,

Greetings.

Did you try to check if the feature accesses you've assigned for the savrole has any URLs which permits them to schedule and delete analytics controls??

Also did you check if you've assigned 'api_v5_deleteAnalytics' in the webservice access.

Thanks.


Regards,
Pruthvi

ReshamDas
New Contributor II
New Contributor II

Hi @pruthvi_t,

1. We have gone through the URLs within all the feature access mapped to this custom SAV Role, and none of those contain the URLs for schedule and delete analytics.

2. We did not assign 'api_v5_deleteAnalytics' explicitly in the webservice access. PFA the webservice accesses assigned to this role, which are linked to the 'Home' feature access only.

saidnya_naik
New Contributor
New Contributor

Hi @ReshamDas,

We have a similar requirement as you mentioned above, were you able to restrict the savrole from deleting analytics?

No @saidnya_naik, we are waiting for suggestions from the team.

Its not supported currently please raise idea ticket for enhancement. Buttons are not controlled with sav role.


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

pruthvi_t
Saviynt Employee
Saviynt Employee

@ReshamDas ,

Greetings.

Unfortunately, we do not have feature accesses for individual actions on analytics controls. Please raise an idea with your requirement so that our product team can review it.

http://ideas.saviynt.com/

Thanks,


Regards,
Pruthvi