
Unable to add owners to AD groups and AAD groups with group creation forms

yogesh2
Regular Contributor II

We have a custom end user sav role with these permissions:

 

 

    "FEATURE_LIST": 
    [
      "home.pendingActions",
      "Manage_My_Access",
      "home.recentActivity",
      "Pending_Approvals",
      "Application_Request",
      "Request_Access_for_Self",
      "Request_History",
      "VIEW_KPI",
      "Campaign_Templates_List",
      "Create_Campaign",
      "RequestEnterpriseRolesClassicUI",
      "Create_AAD_Group",
      "ViewSavedRequestsClassicUI",
      "Certification Dashboard",
      "Campaign_Edit_Templates",
      "Campaign_Export",
      "SOD_Function_Change_Requests",
      "Create_AD_Group",
      "Campaign_List",
      "All_Campaign_Certification_Review_Access",
      "Campaign_Summary",
      "Runtime_Analytics_History_Details",
      "Create_User_Request",
      "Manage_Service_Account",
      "View_Delegates",
      "View_Existing_Access",
      "Home",
      "Manage_AD_Group",
      "Request_Access_for_Others",
      "Request_Access_for_Others__Multi_User",
      "Manage_AAD_Group",
      "Get_DB_Data_Runtime_Analytics"
    ],
    "WEBSERVICE_LIST": 
    [
      "pmgmt_resetAPIUserPassword",
      "webservice_api_restful_approveRejectRequest",
      "webservice_api_v5_sodEvaluation",
      "webservice_apii_v5_sendEmail",
      "api_v5_fetchRuntimeControlsData",
      "webservice_api_v5_sapSODEvaluation",
      "api_jbpm_doSignoffMS",
      "api_jbpm_workflowaccessreqStartMS",
      "api_jbpm_discontinueRequestMS",
      "api_jbpm_getJbpmTaskIdMS",
      "apiv5fetchCertificationList"
    ]

 

 

As you can see, this role has access to create and manage AD and AAD groups, but on the "Add Group Owner" screen I am not able to select owners and get a popup saying {"error":"access denied"} as soon as I mark the check box against any user:

 

yogesh2_1-1716264806187.png

These are the errors in the browser console:

yogesh2_2-1716264816829.png
The error is on some API called setuserkeyinsessionset.

Am I missing some feature access? Ideally the create AD / AAD group feature should give access to this.

Even with OOTB end user role I am not able to add a group owner on this screen.


rushikeshvartak
All-Star

Refer https://forums.saviynt.com/t5/data-access-governance/pop-up-error-in-ad-group-management/m-p/44621#M... 

ADMIN -    SUBMENU.ADMIN.users_userlistjson


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

yogesh2
Regular Contributor II

@rushikeshvartak 
In 24.2 we added the feature access "Admin: Users", which seems to include "/users/userlistjson", but this gives access to the whole admin user repository view, which we don't want to provide to end users.
yogesh2_0-1716266459599.png

userlistjson is not available in the "Webservice Access" tab, so it seems we cannot add only this API permission.

Is there a way to only add the permission to this API?

Currently it's a limitation. You need to add the admin users feature. Please raise an enhancement ticket to map the webservice under create new AAD Group.


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
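
An added example, not from the thread or from Saviynt: one way to review what the "Admin: Users" workaround does to an end-user role, by diffing two role definitions in the FEATURE_LIST / WEBSERVICE_LIST shape posted in the question and flagging admin-scope additions. Assumptions: the workaround appears in FEATURE_LIST as SUBMENU.ADMIN.users_userlistjson, the SUBMENU.ADMIN. prefix marks admin features, and the function names are hypothetical.

```python
import json

# Assumption: this prefix marks admin-scope features. Only
# SUBMENU.ADMIN.users_userlistjson is actually named in the thread.
ADMIN_PREFIXES = ("SUBMENU.ADMIN.",)
KEYS = ("FEATURE_LIST", "WEBSERVICE_LIST")

# Constructed sample: trimmed role as posted in the question (a bare
# fragment with no enclosing braces).
BEFORE = '''
"FEATURE_LIST":
[ "Create_AD_Group", "Create_AAD_Group", "Manage_AD_Group", "Manage_AAD_Group" ],
"WEBSERVICE_LIST":
[ "api_jbpm_doSignoffMS" ]
'''

# Constructed sample: the same role after the workaround is applied.
AFTER = '''
{ "FEATURE_LIST": [ "Create_AD_Group", "Create_AAD_Group", "Manage_AD_Group",
                    "Manage_AAD_Group", "SUBMENU.ADMIN.users_userlistjson" ],
  "WEBSERVICE_LIST": [ "api_jbpm_doSignoffMS" ] }
'''

def load_role(text):
    """Parse a role definition; accept a bare fragment without braces."""
    text = text.strip()
    if not text.startswith("{"):
        text = "{" + text.rstrip(",") + "}"
    role = json.loads(text)
    return {key: list(role.get(key, [])) for key in KEYS}

def role_drift(before, after):
    """Report entries added or removed per list, plus admin-scope additions."""
    report = {}
    for key in KEYS:
        old, new = set(before[key]), set(after[key])
        report[key] = {"added": sorted(new - old), "removed": sorted(old - new)}
    report["admin_scope_added"] = [
        f for f in report["FEATURE_LIST"]["added"] if f.startswith(ADMIN_PREFIXES)
    ]
    return report

if __name__ == "__main__":
    print(json.dumps(role_drift(load_role(BEFORE), load_role(AFTER)), indent=2))
```

A non-empty admin_scope_added on a role assigned to end users is the item to track for removal once the fixed version is deployed.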

yogesh2
Regular Contributor II

After triaging this issue with Saviynt support, we got the below response from them:

This is a known issue and has been fixed in version 24.4

Did you find the Jira number in the release notes?


Regards,
Rushikesh Vartak

yogesh2
Regular Contributor II

I haven't received any jira ticket number from Saviynt support, just a confirmation for now.

Can you please ask for the same? I don't see anything related in the release notes.

FON-13815

End Users having the Reset Account Password for Others feature access assigned to their SAV role cannot reset the password for other users. Instead, they get an error message displaying {“error”}:”access denied”}.

https://docs.saviyntcloud.com/bundle/Release-Notes/page/Content/v24x/Release-Notes-24-4.htm


Regards,
Rushikesh Vartak

yogesh2
Regular Contributor II
Got the details:
Version Release: 24.4
Version Date: Apr 2024
Jira Ticket #: OM-9594
 
But I don't see this one in the release notes.

Can you update the same in the ticket?


Regards,
Rushikesh Vartak

yogesh2
Regular Contributor II

I have asked them to add this to the release notes.