Click HERE to see how Saviynt Intelligence is transforming the industry. |
07/11/2023 04:50 AM
Hi,
Is there a way to hide enterprise roles in the ARS page through SAV roles? Since CPAM and IGA users are accessing the same shared platform, we would like to know if Saviynt provides an option to modify fine-grained ARS page access based on SAV roles. CPAM End Users would need access to request accounts and entitlements for themselves but should not be able to request enterprise roles.
We want to avoid using Request Roles Query in the Global Config since that restricts role requests even through APIs and impacts our IGA solution.
Please find below the different personas in the Saviynt system and what access they should have on ARS:
| Enterprise Roles on ARS | Role Request from API | Role Request from ARS |
CPAM End User | No enterprise roles should be visible nor requestable from ARS page. | Allowed | Not allowed |
CPAM Admin | All enterprise roles | Allowed | Allowed |
IGA Admin | All enterprise roles | Allowed | Allowed |
We want to make enterprise roles non-requestable on ARS for CPAM end users but make them requestable from API for everyone. Please do let me know if you'd like any other details.
Thanks & Regards,
Akshar
07/12/2023 10:55 PM
Hi @aksharkay ,
Currently, in Saviynt, the Role Request Query feature in Global config allows us to restrict enterprise roles for users who have the CPAM SAV role. However, it does not provide an option to specifically enable only the API for those users.
Please let us know if you have any additional questions or if there's any specific information you're looking for.!