Announcing the SAVIYNT KNOWLEDGE EXCHANGE unifying the Saviynt forums, documentation, training, and more in a single search tool across platforms. Click HERE to read the Announcement.

Read only SAV Role for Identity Repository

FCaremoli
New Contributor III
New Contributor III

Hi everyone

We have to create a SAV role in order to allow some user to access in read only the Identity Repository folder in the admin page (in particular they have to see information related to user and accounts). While for the user page everything works fine: users list, user details and correlated accounts can be seen. Unfortunately when we try to view the correlated account the access is denied and the accounts list seen with this role is empty. We have also created a SAV role by copy the admin SAV role with the read only flag stetted but there is the same problem. How can we fix it?

@JustSalva @nfraternali

6 REPLIES 6

rushikeshvartak
All-Star
All-Star

Can you share current features added? 
you just need all objects under Identity Repository?


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

We want the user whom received the SAV role to access both account and users lists and details (read only). The feature in the SAV role now are:

  • Admin: Admin Dashboard
  • Admin: Users
  • Admin: Entitlements Administration
  • Admin: Landing Page
  • Admin: SAV Roles
  • Admin: Accounts List

Can you check which url is hit & you are getting 403 from browser developer console


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

FCaremoli
New Contributor III
New Contributor III

FCaremoli_0-1673456266300.png

This is what I can see

cgarwood
New Contributor III
New Contributor III

I am having a similar issue which might be related. I can view the full list of Users in identity repository from the read only sav role I am building, but I can only view Accounts and Entitlements that I own. If you drill down into an account owned by the logged in user do you get the same Access Denied error?

cgarwood
New Contributor III
New Contributor III

@FCaremoli did you add the new sav role to the default roles in the relevant connections? I was told that this was the step I was missing and after I added my new admin read only role to all of my connections I was able to get a view of all users, accounts, entitlements, and roles.