07/28/2023 01:34 PM
We have a requirement to disable AD accounts through a ServiceNow catalog that will consume the Saviynt API to disable a user's AD account. I am trying to restrict the access for ServiceNow to consume only the /ECM/api/v5/updateUser API instead of opening up all the APIs.
I have created a user, svc_test_api_scope, with a custom SAV role - ROLE_SNOW_API. The only Web Service access attached to this SAV role is webservice_api_v5_updateUser.
I have set a temp password and reset it once while trying to log in to the Saviynt app via the UI. However, when I use the permanent password, I get an access denied page.
Likewise, when I use the service user in Postman and make an API call to /ECM/api/v5/updateUser, I am getting a 403 Forbidden error message.
How do I validate the configurations required to scope down the Saviynt APIs that consumers can consume?
Thanks.
07/29/2023 06:53 AM
Did you grant the Home Feature for the UI?
07/31/2023 07:53 AM - edited 07/31/2023 07:54 AM
It just started to work after 2 days without adding any additional feature or web service access to the SAV role. In other words, without granting any additional permissions, API calls from Postman are now working for the test user with the limited access SAV role.
It is not clear why it did not work on Friday but started to work after the weekend.
07/31/2023 10:12 PM - edited 07/31/2023 10:12 PM
It usually happens when the server is restarted or the microservices job is executed properly.