Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How can you make single roles not editable in the request?

Go to solution
aro
Regular Contributor
Regular Contributor

‎06/26/2023 06:19 AM

A customer uses SAP systems with composite roles (collective role), whereby a composite role contains several single roles.
The customer only wants to work with composite roles. A user may only receive composite roles. We solved this with the configuration "Config for Requestable Entitlement in ARS" in the entitlement type.
However, you can see all roles under "Request access":

aro_0-1687785040517.png

 

How can it be prevented that single roles are edited or removed here (like the red one in the picture)?
Only the composite roles should be allowed to be changed here.

1 person had this problem.
Labels:
0 Kudos
6 REPLIES 6

Go to solution
dgandhi
All-Star
All-Star

‎06/26/2023 09:43 AM

I don't think you can hide delete/ edit button just for one single role from Role Modification page.

Maybe control this in the workflow as workaround, if anyone modifies the role (which is not supposed to be ), auto reject the same in the workflow and notify the requestor.

 

Thanks,
Devang Gandhi
If this reply answered your question, please Accept As Solution and give Kudos to help others who may have a similar problem.
0 Kudos

Go to solution
aro
Regular Contributor
Regular Contributor
In response to dgandhi

‎06/29/2023 07:12 AM

Hi @dgandhi,

Unfortunately, a workaround via the workflow is not practicable because our customer has several SAP systems with many different roles

0 Kudos

Go to solution
dgandhi
All-Star
All-Star
In response to aro

‎06/29/2023 07:28 AM

Another option which I can think of, identify all such roles and flag them with some value in one of the role custom property. In WF , check that cp value , if it exist then auto reject the request.

This also would need some manual efforts in the flagging the role.

Please raise one enhancement with Saviynt in ideas portal for permanent fix.

Thanks,
Devang Gandhi
If this reply answered your question, please Accept As Solution and give Kudos to help others who may have a similar problem.
0 Kudos

Go to solution
ASA
Regular Contributor II
Regular Contributor II

‎07/10/2023 06:50 AM

Solution was setting the filter in "Config for Selected Entitlement in ARS" in entitlement type.

0 Kudos

Go to solution
dgandhi
All-Star
All-Star
In response to ASA

‎07/10/2023 08:58 AM

How come config in "Config for Selected Entitlement in ARS" will hide the role from the Role Modification page?

Can you please elaborate more on this?

Thanks,
Devang Gandhi
If this reply answered your question, please Accept As Solution and give Kudos to help others who may have a similar problem.
0 Kudos

Go to solution
ASA
Regular Contributor II
Regular Contributor II
In response to dgandhi

‎07/11/2023 01:53 AM

Hi Devang,

this was not about role modification but about access request. Problem was that the content of composite roles was shown as existing access and could be removed, which makes no sense.

0 Kudos
Copyright © 2024 Khoros, LLC