Click HERE to see how Saviynt Intelligence is transforming the industry. |
08/30/2024 02:29 AM
Hello everyone,
We've noticed that all of our users currently have the ROLE_SAV_ENDUSER by default. This role provides too much access to the system, including the ability to change their own account password. To address this, we've created our own ROLE_ENDUSER with more restricted access.
My questions are:
How do we replace the old ROLE_SAV_ENDUSER with our new ROLE_ENDUSER for all existing users?
Regards,
Sanjeev Kumar
08/30/2024 02:32 AM
Hi @Sanjeev that is a massive change .. proper planning and implementation is required.
Are you referring to change password tile?
Just hide it.
08/30/2024 02:38 AM
Hello NM ,
Thank you for yours reply.
We are replacing all existing users who have the ROLE_SAV_ENDUSER with our custom ROLE_ENDUSER.
This custom role has limited access. The ability to change their own password is just one example of the restrictions."
Thank you.
08/30/2024 02:47 AM
Hi @Sanjeev , you can try to update the config in external config.propeeties file.#job.ecm.imp.file.defaultrole=Desired Role
08/30/2024 02:44 AM
Hi @Sanjeev you can refer this post https://forums.saviynt.com/t5/identity-governance/replacing-default-role-sav-enduser-with-our-custom...
Regards,
Indra
08/30/2024 02:52 AM
Hello @NM @indra_hema_95 ,
Thank you for your reply.
The changes have already been made so that new users are assigned my custom ROLE_ENDUSER. However, my problem is with the existing users who still have the old ROLE_SAV_ENDUSER. There are more than 2,000 of these old users. How can I assign the new custom ROLE_ENDUSER to these users?"
Thank you.
08/30/2024 02:57 AM
@Sanjeev only option I could think of to handle it via sav4sav connection.
Submit a bulk request to remove existing role and add new one.
08/30/2024 02:55 AM
Hello @NM @indra_hema_95 ,
The solution you provided is working for new users, and I've already implemented it in the system. Thank you for your quick reply.
Thank you
08/30/2024 03:22 AM
Hello @NM
Can you please give me some detailed ideas on how to handle it via a sav4sav connection?
Thank you
08/30/2024 07:43 AM
necessary - Sav4sav connector is setuped
08/30/2024 03:39 AM
@Sanjeev are you importing sav roles as entitlement in your environment?
08/30/2024 05:41 AM - edited 08/30/2024 05:41 AM
Hi @Sanjeev ,
If your environment is using SAV4SAV connector, then you can create a analytic that will create remove access task for end user sav role and add access for new custom sav role.
Or you can use Saviynt API - https://xxx/ECM/api/v5/addremoveuserfromrole
Prepare a file of all users you need to take action on and use this method to run postman collection
https://learning.postman.com/docs/collections/running-collections/working-with-data-files/
username can be referred from file . There are youtube videos also that you can refer , it is pretty straight forward
09/02/2024 09:56 PM
Hello @NM
I'm planning to import SAV roles as entitlements into the environment for the first time. Can you please guide me on how to proceed with this entitlement?
Thank you
09/02/2024 10:05 PM
09/02/2024 10:45 PM
Hi @Sanjeev ,
In global configuration as soon as to tick the checkbox of saviynt for saviynt connection, a rest based connection will be created
Just add service account details for authentication.
09/02/2024 10:59 PM
Hi @Sanjeev ,
You can refer this doc , it has step by step explanation. If you face any issue let us know
09/07/2024 01:13 AM
Hello All,
Thank you for yours reply
My new question is as:-
How to Assign SAV Role as an Entitlement in Enterprise Role
Regards
Sanjeev Kumar
09/07/2024 01:16 AM
Hello All,
Thank you for yours reply
My new question is as:-
How to Add new SAV Role as an Entitlement in Endpoint
Regards
Sanjeev Kumar
09/07/2024 05:00 AM - edited 09/07/2024 08:53 AM
Schedule Job it will automatically create
09/07/2024 08:30 AM
Hi Sanjeev,
You can run the sav4sav entitlement import job. New sav role will show up as entitlements