We are delighted to share our new EIC Delivery Methodology for efficiently managing Saviynt Implementations and delivering quick time to value. CLICK HERE.

Scope down Saviynt APIs for external consumers

krecpond
New Contributor III
New Contributor III

We have a requirement to disable AD accounts through a ServiceNow catalog that will consume Saviynt API to disable user's AD account. I am trying to restrict the access for ServiceNow to consume only the /ECM/api/v5/updateUser API instead of opening up all the APIs.

I have a created a user, svc_test_api_scope, with a custom SAV role - ROLE_SNOW_API. The only Web Service access attached to this SAV role is webservice_api_v5_updateUser.

I have set a temp password and reset it once while trying to login to Saviynt app via the UI. However, when I use the permanent password, I get an access denied page.

Likewise, when I use the service user in postman and make an API call to /ECM/api/v5/updateUser, I am getting a 403 forbidden error msg.

How do I validate the configurations required to scope down the Saviynt APIs that consumers can consume?

Thanks.

3 REPLIES 3

rushikeshvartak
All-Star
All-Star

Did you granted Home Feature for Ui ?


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

krecpond
New Contributor III
New Contributor III

It just started to work after 2 days without adding any additional feature or web service access to the SAV role. In other words, without granting any additional permissions, API calls from Postman are now working for the test user with the limited access SAV role.

krecpond_1-1690815000514.png

 

krecpond_0-1690814971865.png

krecpond_2-1690815073080.png

 

krecpond_3-1690815148065.png

 

It is not clear why it did not work on Friday but started to work after the weekend.

It usually happen when server is restarted or microservices job executed properly


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.