Solution design for Cloud MSSQL DB onboarding

vnambrath
New Contributor

We are conducting a POC for Cloud MSSQL DB onboarding to Saviynt.

Solutioning approach:
Separate SS, EP and Connection for Master (Login) and Application-specific Schema
Master EP will be requestable and contain dummy entitlements (replica of entitlements from application schema endpoint) and will be mapped with entitlements from application schema endpoint
Workflow will be configured on Master SS
Master Connection can create the login in Master and remove the Login from master
App specific Schema EP will not be requestable. However, provisioning Tasks will get created along with Master EP entitlements (Entitlement mapping).
No Workflow will be configured for App specific Schema SS.
App specific Schema connection will create the user and map with the login, Add/remove Roles to user, remove user from schema
Use cases:
New account request:
Tasks will be created for Master and Schema Endpoints and provisioned through respective connectors. If a user requests 1 role, 2 tasks will be created - one for the Dummy entitlement in master and a second for the mapped entitlement from the Schema Endpoint. Both tasks will get completed after running the provisioning Job.
Modify request:
If a user needs access to a new application specific schema, then create a Modify request in the Master EP as the user account is already present in Master EP. The user selects the roles and submits the request. 2 tasks will be created - one for the Dummy entitlement in master and a second for the mapped entitlement from the Schema Endpoint. Both tasks will get completed after running the provisioning Job. This will create the account in the new schema as well. Same process for removing access from one app specific schema. The user needs to create a Modify request to remove the applicable role.
Delete request:
During delete account request, deprovisioning tasks will be created for all the child entitlements belonging to the schema specific endpoint along with Master Login removal task.
Kindly let me know if this is the right approach or any better solutioning is being used.
rushikeshvartak
All-Star

You can go with a single endpoint and write all the logic into one.


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

If different applications use different schemas in the same DB instance, then how do we manage it with a single connection?

1. What will happen when a user requests additional schema access?

2. What if a user creates a revoke request for one schema only?

In the above cases you can manage using if/else and a database query.


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
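
The two cases raised in the thread (a request for additional schema access, and a revoke for one schema only) can be handled on the database side with conditional logic like the following. This is an added T-SQL example, not part of the original posts and not Saviynt connector configuration; the account name, role name and `@action` value are constructed samples, and dropping the database user once its last role is removed is an assumption about the desired behaviour.

```sql
-- Run in the application database; the server login is assumed to exist. Inputs are constructed samples.
DECLARE @account sysname = N'jdoe';          -- hypothetical login/user name (SQL authentication assumed)
DECLARE @role    sysname = N'app_reader';    -- hypothetical database role
DECLARE @action  nvarchar(10) = N'ADD';      -- 'ADD' or 'REMOVE'
DECLARE @sql nvarchar(max);
-- Accept only names that are existing database roles, never arbitrary request input.
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = @role AND type = 'R')
BEGIN
    RAISERROR(N'Requested role does not exist in this database.', 16, 1);
    RETURN;
END;
DECLARE @isUser bit = CASE WHEN EXISTS (
    SELECT 1 FROM sys.database_principals WHERE name = @account AND type = 'S') THEN 1 ELSE 0 END;
DECLARE @isMember bit = CASE WHEN EXISTS (
    SELECT 1 FROM sys.database_role_members rm
    JOIN sys.database_principals r ON r.principal_id = rm.role_principal_id
    JOIN sys.database_principals m ON m.principal_id = rm.member_principal_id
    WHERE r.name = @role AND m.name = @account) THEN 1 ELSE 0 END;

IF @action = N'ADD'
BEGIN
    IF @isUser = 0   -- first role in this database: create the user mapped to the login
    BEGIN
        SET @sql = N'CREATE USER ' + QUOTENAME(@account) + N' FOR LOGIN ' + QUOTENAME(@account) + N';';
        EXEC sys.sp_executesql @sql;
    END;
    IF @isMember = 0
    BEGIN
        SET @sql = N'ALTER ROLE ' + QUOTENAME(@role) + N' ADD MEMBER ' + QUOTENAME(@account) + N';';
        EXEC sys.sp_executesql @sql;
    END;
END
ELSE IF @action = N'REMOVE'
BEGIN
    IF @isMember = 1
    BEGIN
        SET @sql = N'ALTER ROLE ' + QUOTENAME(@role) + N' DROP MEMBER ' + QUOTENAME(@account) + N';';
        EXEC sys.sp_executesql @sql;
    END;
    -- Last role gone: drop the user in this database only; the login and other databases are untouched.
    IF @isUser = 1 AND NOT EXISTS (
        SELECT 1 FROM sys.database_role_members rm
        JOIN sys.database_principals m ON m.principal_id = rm.member_principal_id
        WHERE m.name = @account)
    BEGIN
        SET @sql = N'DROP USER ' + QUOTENAME(@account) + N';';
        EXEC sys.sp_executesql @sql;
    END;
END;
```

Identifiers cannot be passed as parameters in these statements, so each name goes through `QUOTENAME` before it is concatenated into dynamic SQL; that keeps a crafted account or role value from changing the statement.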