I am trying to create a handful of custom Sav roles that align to how my organization uses Saviynt. I have been unable to get identity repository items to display correctly. I want to be able to grant read-only access to entitlements and accounts for some non-admin users. It currently only shows those which the logged in user owns rather than the full lists of all entitlements and all accounts. I have not been able to get these lists to populate outside of the ROLE_ADMIN sav role.
Is it possible to build a sav role that enables this access?
Solved! Go to Solution.
Yes you should be able to do it, for reference you can create a role admin copy and make it read only, you should be able to view all users ,accounts and entitlements and then based on ur requirements you can remove some access which are not needed.
I confirmed that the issue I was having was that the new role needed to be added to each connection so that objects that were not owned by the logged in user would be visable. Adding the endpoint in the SAV role itself was not enough to enable this visibility. The reason it worked with ROLE_ADMIN is because that is added to all connections by default.