Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Need SAV Role access details to manage service account module

vermark
Regular Contributor
Regular Contributor

‎07/25/2022 10:13 AM

Hi Team,

We have a requirement where we want to give the manage service account module access based on the sav role assigned to the users. Please let us know what all accesses required to manage service account module.

Current Issue:

Basic User –  Sees only the shopping cart icon; there are no modify, enable, or disable options.  When they click on any of the the shopping carts it gives them an ‘Access Denied Error’

Service Desk –  Sees only the shopping cart icon; there are no modify, enable, or disable options.  When they click on any of the the shopping carts it gives them an ‘Access Denied Error’

IDAM Team –  Sees only the shopping cart icon; there are no modify, enable, or disable options.  When they click on any of the the shopping carts it gives them an ‘Access Denied Error’

Full Admin – Sees all buttons (shopping cart, modify, enable, disable) and is able to click the items and take actions without the Access Denied error

Needs:

  • Service Desk and IDAM teams need to be able to perform these functions like full admin can. 
  • Basic Users need to be able to request all these accounts.
  • Owners need to be able to modify, enable, disable
1 person had this problem.
0 Kudos
16 REPLIES 16

vermark
Regular Contributor
Regular Contributor

‎07/25/2022 11:26 AM

Currently 'Manage Service Account' feature is assigned in all sav roles

0 Kudos

rushikeshvartak
All-Star
All-Star

‎07/25/2022 01:47 PM

rushikeshvartak_0-1658782027400.pngrushikeshvartak_1-1658782043271.png

 


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

vermark
Regular Contributor
Regular Contributor
In response to rushikeshvartak

‎07/25/2022 11:27 PM

Hi Rushikesh,

We are on version 2021 in that we see 'Manager Service Account' under 'Create Request Home Option' which is selected for all above SAV Roles and under feature access we don't see analyticsConfig_usertypeselect but have 'Manage Service Account' feature already select still its not working.

 

 

 

0 Kudos

Nikitaj
Saviynt Employee
Saviynt Employee
In response to vermark

‎07/26/2022 12:18 AM - edited ‎07/26/2022 12:21 AM

Hi @vermark 

To get options to disable/remove/create account please add service account type at the endpoint level as below:

Nikitaj_0-1658819708434.png

If the account type does not exists already, please create it on any of the associated account (account should be under the desired endpoint)  as below:

Nikitaj_1-1658819824603.png

Once account type is created add it to service account type at endpoint level and run the microservice job, you will now get the options on the manage service account request

Hope this helps!


Thanks
Nikita
0 Kudos

vermark
Regular Contributor
Regular Contributor

‎07/26/2022 01:32 AM

Hi Nikitaj,

As an owner I am able to manage the service account.

What I am asking is:

1. If I am assigned role basic then I should be able to create a request for new service account. When I am raining a request for a new service account with role basic I am getting access denied. So I think there is some issue with SAV role permissions

2. If I am assigned role admin I can manage all the service accounts. So wanted to know what are those permission in SAV role which allows admin to manage all service accounts

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to vermark

‎07/26/2022 02:00 AM

Please share sav role extract & logs


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

vermark
Regular Contributor
Regular Contributor
In response to rushikeshvartak

‎07/26/2022 02:58 AM

Hi Rushikesh,

SAV role export and logs are attached.

logs.zip
0 Kudos

Nikitaj
Saviynt Employee
Saviynt Employee
In response to vermark

‎07/26/2022 09:47 AM

Hi @vermark 

Could you please check the webservice access on SAV Role, please add the below if not already added and confirm.

Nikitaj_0-1658854012630.png

 


Thanks
Nikita
0 Kudos

vermark
Regular Contributor
Regular Contributor
In response to Nikitaj

‎07/26/2022 10:05 AM

Hi Nikitaj,

I have aready tried it still the end users getting the access denied error.

Thanks

0 Kudos

Nikitaj
Saviynt Employee
Saviynt Employee
In response to vermark

‎07/26/2022 10:10 AM

Hi @vermark 

Could you please log out and log in back once you have all the settings done as per above and also clear cache. This should work now as we have added all the prerequisites for this access.

I just replicated the same in my instance and its working now as expected.

 


Thanks
Nikita
0 Kudos

vermark
Regular Contributor
Regular Contributor
In response to Nikitaj

‎07/26/2022 10:24 AM

Hi Nikitaj,

Could you please share the screenshot of feature access and web service access. I tried after clearing the cache still the sam issue

I am sharing the feature and webservice access which i have in my sav role

vermark_0-1658856162781.pngvermark_1-1658856194904.png

 

0 Kudos

Nikitaj
Saviynt Employee
Saviynt Employee
In response to vermark

‎07/26/2022 09:12 PM

Hi @vermark 

Here is my configuration at SAV Role, just followed the ones you shared and its working for me

Nikitaj_0-1658894702703.pngNikitaj_1-1658894729800.pngNikitaj_2-1658894746657.pngNikitaj_3-1658894762626.png

Note: Add the end user to the users tab.Nikitaj_4-1658894809489.png

 


Thanks
Nikita
0 Kudos

vermark
Regular Contributor
Regular Contributor

‎07/26/2022 08:48 PM

Hi Team,

Can anyone please assist here

0 Kudos

vermark
Regular Contributor
Regular Contributor

‎07/26/2022 10:18 PM

still not working for me

0 Kudos

Nikitaj
Saviynt Employee
Saviynt Employee
In response to vermark

‎07/27/2022 12:55 AM

Hi @vermark 

Could you please confirm if you are trying to add enable/disable/modify button for same endpoint both as a service desk and as a admin.

 


Thanks
Nikita
0 Kudos

vermark
Regular Contributor
Regular Contributor
In response to Nikitaj

‎07/27/2022 02:06 AM

Hi Nikitaj,

1. User with sav role 'ROLE_BASIC_USER' should be able to submit the request. Currently it is not working we are getting access denied error. 

2. We want any user having sav role 'ROLE_SERVICE_DESK' on top of 'ROLE_BASIC_USER(defaut role assigned to all users)' should be able to add enable/disable/modify all service accounts on a particular endpoint.

Hope this clarifies.

0 Kudos
Copyright © 2024 Khoros, LLC