Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon

Hide Enterprise Roles from ARS page for CPAM End Users

aksharkay
New Contributor III
New Contributor III

Hi,

 

Is there a way to hide enterprise roles in the ARS page through SAV roles? Since CPAM and IGA users are accessing the same shared platform, we would like to know if Saviynt provides an option to modify fine-grained ARS page access based on SAV roles. CPAM End Users would need access to request accounts and entitlements for themselves but should not be able to request enterprise roles.

We want to avoid using Request Roles Query in the Global Config since that restricts role requests even through APIs and impacts our IGA solution.

 

Please find below the different personas in the Saviynt system and what access they should have on ARS:

 

Enterprise Roles on ARS

Role Request from API

Role Request from ARS

CPAM End User

No enterprise roles should be visible nor requestable from ARS page.

Allowed

Not allowed

CPAM Admin

All enterprise roles

Allowed

Allowed

IGA Admin

All enterprise roles

Allowed

Allowed

 

We want to make enterprise roles non-requestable on ARS for CPAM end users but make them requestable from API for everyone. Please do let me know if you'd like any other details.

 

Thanks & Regards,

Akshar

1 REPLY 1

vikasjv
Saviynt Employee
Saviynt Employee

Hi @aksharkay ,

Currently, in Saviynt, the Role Request Query feature in Global config allows us to restrict enterprise roles for users who have the CPAM SAV role. However, it does not provide an option to specifically enable only the API for those users.

Please let us know if you have any additional questions or if there's any specific information you're looking for.!