Restrict the list of users in the user management custom form

krecpond
New Contributor II

We have a requirement to disable users based on certain criteria by the support team. The support team currently does this using the user management form that has been developed using Global Config --> Identity Lifecycle --> User Registration.

Now there is a requirement that such disabled IDs must be reactivated only by the user's manager(s). We have a SAV role ROLE_MANAGER defined which grants only managers access to the user management form. However, managers are able to see all the users in the company. The requirement is to restrict the view to only the manager's direct reports when the manager accesses the user management form.

How can this requirement be achieved in Saviynt?


rushikeshvartak
All-Star

You can modify the GSP to block based on SAV role.


Regards,
Rushikesh Vartak
If the response is helpful, please click Accept As Solution and kudos it.

krecpond
New Contributor II

How do I access the gsp pages on v23.4?

From file directory 


Regards,
Rushikesh Vartak

armaanzahir
Valued Contributor

Hi @krecpond ,

Have you tried using the SAV Role Config "Whom to request" Advanced filter-JSON option?

[
    {
        "for": "RequestAccessforOthers",
        "query": "select a from Users a where a.id='${users.id}'"
    },
    {
        "for": "ViewExistingAccess",
        "query": "select a from Users a where a.id=${users.id}"
    },
    {
        "for": "UpdateUserRequest",
        "query": "select a from Users a where a.manager='${users.id}'"
    }
]


Understanding the SAV Role Parameters (saviyntcloud.com)

 

Thanks,

Armaan

Regards,
Md Armaan Zahir

krecpond
New Contributor II

We currently have ROLE_USER set with the ability to request access for anyone in the company. So this permission was overriding the ROLE_MANAGER permission that was restricted to request access for self and direct reports, thus displaying all 50K users to the user with SAV role ROLE_MANAGER.

When ROLE_USER was changed to allow access request for only self and direct reports and ROLE_MANAGER was allowed to see only a specific view in the drop down of the user management module (through the configurations in Global Config --> Identity Lifecycle --> User Registration form), I was able to address this requirement. I did not have to use any advanced filter configuration for this requirement.

The conclusion is that when users are provisioned to more than 1 SAV role, it is important to analyze the net access that the combination of the SAV roles provides to the user.

Thanks for all your help.

rushikeshvartak
All-Star

Use sav role advanced config on Whom to Request 


Sample :

[
    {
        "for": "RequestAccessforOthers,RequestAccessOthersMultiUser",
        "query": "select a from Users a where (a.manager=${users.id} and (a.customproperty1 is not null or a.customproperty1 !='' )) or (a.id = ${users.id} and (a.customproperty1 is not null or a.customproperty1 !='' ))"
    },
    {
        "for": "ViewExistingAccess",
        "query": "select a from Users a where (a.manager=${users.id} and (a.customproperty1 is not null or a.customproperty1 !='' )) or (a.id = ${users.id} and (a.customproperty1 is not null or a.customproperty1 !='' ))"
    },
    {
        "for": "UpdateUserRequest",
        "query": "select a from Users a,user_savroles us where a.id = ${users.id} and us.id=a.id and us.rolekey=1"
    }
]


Regards,
Rushikesh Vartak

krecpond
New Contributor II

Thanks Rushikesh. This SAV Role configuration with JSON works for controlling the user list.

Great. Close the thread by accepting the solution.


Regards,
Rushikesh Vartak

krecpond
New Contributor II

The problem with using the above advanced config in the SAV role is that it does not show the tiles and links to request access for others and request access for multi users. So there is also no documentation on how to configure the remaining options in the JSON format.
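
The point made earlier in the thread about the net access of combined SAV roles, as an added example that is not part of the original thread and not Saviynt code: a small review script that reads each role's "Whom to request" JSON and reports actions that some role grants without a query tied to ${users.id}. The "grants" and "filter" fields, the sample roles and the rule that the least restrictive role wins are assumptions modelled on what the thread describes.

```python
import json
import re

# Matches the logged-in-user placeholder used in the thread's queries.
SCOPE_VAR = re.compile(r"\$\{users\.id\}")


def scoped_actions(filter_json):
    """Return the set of actions whose query in one role's advanced-filter
    JSON references ${users.id}. Heuristic: it does not prove the query
    is correct, only that it is tied to the logged-in user."""
    scoped = set()
    for entry in json.loads(filter_json or "[]"):
        if SCOPE_VAR.search(entry.get("query", "")):
            # "for" may hold several comma-separated action names.
            scoped.update(a.strip() for a in entry["for"].split(","))
    return scoped


def net_gaps(roles):
    """Assumed model, following the thread's observation: an action stays
    restricted only if every role granting it also scopes it.
    Returns {action: [roles that grant it without a scoped query]}."""
    gaps = {}
    for name, role in sorted(roles.items()):
        scoped = scoped_actions(role.get("filter", ""))
        for action in role["grants"]:
            if action not in scoped:
                gaps.setdefault(action, []).append(name)
    return gaps


# Constructed sample. "grants" and "filter" are hypothetical field names
# for this sketch, not Saviynt configuration keys.
MANAGER_FILTER = """[
  {"for": "RequestAccessforOthers,RequestAccessOthersMultiUser",
   "query": "select a from Users a where a.manager=${users.id}"},
  {"for": "UpdateUserRequest",
   "query": "select a from Users a where a.manager=${users.id}"}
]"""
ROLES = {
    "ROLE_MANAGER": {"grants": ["RequestAccessforOthers", "UpdateUserRequest"],
                     "filter": MANAGER_FILTER},
    "ROLE_USER": {"grants": ["RequestAccessforOthers"], "filter": ""},
}

if __name__ == "__main__":
    for action, names in net_gaps(ROLES).items():
        print(f"{action}: unrestricted via {', '.join(names)}")
```

With the constructed sample, the only gap reported is RequestAccessforOthers through ROLE_USER, which matches the situation described in the thread where ROLE_USER exposed the full user list to managers.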