and more in a single search tool across platforms. Read the announcement here. |
07/25/2022 10:13 AM
Hi Team,
We have a requirement where we want to give the manage service account module access based on the sav role assigned to the users. Please let us know what all accesses required to manage service account module.
Current Issue:
Basic User – Sees only the shopping cart icon; there are no modify, enable, or disable options. When they click on any of the the shopping carts it gives them an ‘Access Denied Error’
Service Desk – Sees only the shopping cart icon; there are no modify, enable, or disable options. When they click on any of the the shopping carts it gives them an ‘Access Denied Error’
IDAM Team – Sees only the shopping cart icon; there are no modify, enable, or disable options. When they click on any of the the shopping carts it gives them an ‘Access Denied Error’
Full Admin – Sees all buttons (shopping cart, modify, enable, disable) and is able to click the items and take actions without the Access Denied error
Needs:
07/25/2022 11:26 AM
Currently 'Manage Service Account' feature is assigned in all sav roles
07/25/2022 01:47 PM
07/25/2022 11:27 PM
Hi Rushikesh,
We are on version 2021 in that we see 'Manager Service Account' under 'Create Request Home Option' which is selected for all above SAV Roles and under feature access we don't see analyticsConfig_usertypeselect but have 'Manage Service Account' feature already select still its not working.
07/26/2022 12:18 AM - edited 07/26/2022 12:21 AM
Hi @vermark
To get options to disable/remove/create account please add service account type at the endpoint level as below:
If the account type does not exists already, please create it on any of the associated account (account should be under the desired endpoint) as below:
Once account type is created add it to service account type at endpoint level and run the microservice job, you will now get the options on the manage service account request
Hope this helps!
07/26/2022 01:32 AM
Hi Nikitaj,
As an owner I am able to manage the service account.
What I am asking is:
1. If I am assigned role basic then I should be able to create a request for new service account. When I am raining a request for a new service account with role basic I am getting access denied. So I think there is some issue with SAV role permissions
2. If I am assigned role admin I can manage all the service accounts. So wanted to know what are those permission in SAV role which allows admin to manage all service accounts
07/26/2022 02:00 AM
Please share sav role extract & logs
07/26/2022 02:58 AM
07/26/2022 09:47 AM
Hi @vermark
Could you please check the webservice access on SAV Role, please add the below if not already added and confirm.
07/26/2022 10:05 AM
Hi Nikitaj,
I have aready tried it still the end users getting the access denied error.
Thanks
07/26/2022 10:10 AM
Hi @vermark
Could you please log out and log in back once you have all the settings done as per above and also clear cache. This should work now as we have added all the prerequisites for this access.
I just replicated the same in my instance and its working now as expected.
07/26/2022 10:24 AM
Hi Nikitaj,
Could you please share the screenshot of feature access and web service access. I tried after clearing the cache still the sam issue
I am sharing the feature and webservice access which i have in my sav role
07/26/2022 09:12 PM
Hi @vermark
Here is my configuration at SAV Role, just followed the ones you shared and its working for me
Note: Add the end user to the users tab.
07/26/2022 08:48 PM
Hi Team,
Can anyone please assist here
07/26/2022 10:18 PM
still not working for me
07/27/2022 12:55 AM
Hi @vermark
Could you please confirm if you are trying to add enable/disable/modify button for same endpoint both as a service desk and as a admin.
07/27/2022 02:06 AM
Hi Nikitaj,
1. User with sav role 'ROLE_BASIC_USER' should be able to submit the request. Currently it is not working we are getting access denied error.
2. We want any user having sav role 'ROLE_SERVICE_DESK' on top of 'ROLE_BASIC_USER(defaut role assigned to all users)' should be able to add enable/disable/modify all service accounts on a particular endpoint.
Hope this clarifies.