Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.

Query on Enterprise Roles in Saviynt

Dharmen
New Contributor III
New Contributor III

Hope you are doing great. I am writing this to confirm on our understanding of a behaviour of enterprise roles on Saviynt. We are in the middle of roll out, and have got stuck at this point.

 

Under Enterprise Role, we have an option to map it to a specific Endpoint.

Dharmen_0-1717520491094.png

 

 

If we do so, then we see the following behaviour

  1. User can request for this role by using the Application tile by following the path Application > Choose the Endpoint name > Choose the Enterprise Role and raise request

Dharmen_1-1717520491102.png

 

  1. But if the user comes back in future and follows the same request path in ARS – Saviynt does not show that user already has access to this role. Instead it allows user to request again for the same role.
  2. Whereas, if the user takes the alternate route to start with Role (Not Application) as in below screenshot

Dharmen_2-1717520491105.png

 

  1. then – the role is shown as already existing for the user.

Dharmen_3-1717520491107.png

 

 

 

To summarize, you are supposed to map an Endpoint to an Enterprise Role if (and only if).

  1. You want the role to be requestable under an application in ARS
  2. You expect the user to always have an account of the Endpoint to which the role is attached.

 

Please confirm if our understanding is correct.

3 REPLIES 3

NM
Valued Contributor
Valued Contributor

Hi @Dharmen, ideally enterprise role should be requested via the enterprise catalog

rushikeshvartak
All-Star
All-Star
  • Enterprise role should not be tagged to endpoint.
  • If enterprise role is tagged to endpoint then it should be made requestable from Endpoint. [This is not best practices of design module]

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

PremMahadikar
Valued Contributor
Valued Contributor

Hi @Dharmen ,

To summarize, you are supposed to map an Endpoint to an Enterprise Role if (and only if).

  1. You want the role to be requestable under an application in ARS
  2. You expect the user to always have an account of the Endpoint to which the role is attached.

Yes, and not recommended to Map Enterprise Role to an Endpoint.

 

I would suggest you refer below article from Saviynt team member (Role Design Best Practice)

Role Design Best Practice - Saviynt Forums - 36200

 

If this helps, please select Accept As Solution and hit Kudos