
Service Account for ADSI Connector - Minimum privileges to update the AD extended attributes.

Sakshi
New Contributor

Hi, 

I have referred to the ADSI connector guide, and it suggests that for Provisioning operations the Service Account needs to have the "Enterprise Administrator" role.

Preparing for Integration (saviyntcloud.com)

This does not follow the least privilege principle. Can you suggest alternate roles/permissions that can be granted for Write operations?

 


prashantChauhan
Saviynt Employee

Hi @Sakshi 

The below permissions are required for the Import/Provisioning operations:

Import:

- Directory Replication permission

Provisioning:

- Read
- Write

Create/Delete child object provisioning:

- Create all child objects
- Delete all child objects

Move operation:

- Migrate SID history
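
The permissions listed in the reply can be granted as scoped ACL entries with `dsacls.exe` rather than through a forest-wide admin role. This is an added example, not part of the thread or of Saviynt's documentation. The account name, domain and OU are placeholders, and mapping "Directory Replication permission" to the "Replicating Directory Changes" extended right, and "Read"/"Write" to property read/write, are assumptions.

```powershell
# Added example: delegate the permissions from the reply with dsacls.exe.
# All names below are placeholders (assumptions), not values from the thread.
$svc    = 'EXAMPLE\svc-saviynt-adsi'   # hypothetical connector service account
$domain = 'DC=example,DC=com'          # hypothetical domain naming context
$ou     = "OU=Managed,$domain"         # hypothetical OU the connector provisions into

# Import: assumed to be the "Replicating Directory Changes" extended right,
# granted on the domain naming context head.
dsacls $domain /G "${svc}:CA;Replicating Directory Changes"

# Provisioning: read/write properties (RP/WP) on user objects below the OU.
# /I:S applies the entry to sub-objects only, not to the OU itself.
# To narrow further, put one attribute name between the semicolons,
# e.g. "RPWP;<attribute>;user", and repeat per attribute.
dsacls $ou /I:S /G "${svc}:RPWP;;user"

# Create/Delete child objects: CC/DC, limited here to user objects.
# Dropping ";user" grants create/delete for all child object types,
# which is what the reply lists.
dsacls $ou /I:T /G "${svc}:CCDC;user"

# Move operation: "Migrate SID History" extended right on the domain head.
# Grant only if move operations are actually in scope for the connector.
dsacls $domain /G "${svc}:CA;Migrate SID History"

# Review what the account ended up with on the OU and on the domain head.
dsacls $ou     | Select-String -SimpleMatch 'svc-saviynt-adsi'
dsacls $domain | Select-String -SimpleMatch 'svc-saviynt-adsi'
```

Test the connector's import and provisioning tasks against a non-production OU after applying the entries, since the mapping above is an interpretation of the reply.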