
Need information on Generic Vault Usecase

Pooja
New Contributor II

Hi,

Use case: Generic vault :-

To store generic account credentials, end users are currently using the Manage service accounts menu (which is associated with the ROLE_SAV_PAMENDUSER role) in Saviynt. This menu contains the Privilege_accounts endpoint, which is used for the generic vault purpose. However, it also has other directories, such as Active Directory and Azure AD, where the service account is specified at the endpoint level. As a result, PAM end users can request and manage the entitlement of directory accounts, which is not the correct approach.

We would like to understand if there is any filter we can apply at the endpoint level to restrict the endpoint from appearing under the Manage service accounts option, or if there are any other options we have to ensure that only the Privilege_accounts endpoint appears under the Manage service accounts option. Please advise.


Saathvik
All-Star

@Pooja : You can use the Access Query / Service Account Access Query of the endpoint to control the visibility of endpoints under the Service Account Management page.

If I understand correctly, you don't want to show endpoints other than Privileged_Accounts under the Service Account Management section. If so, you can use the access query and build the query in such a way that other endpoints aren't shown to any users except admins, or whatever matches your requirement.


Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.

Pooja
New Contributor II

Hi,

Do you have any sample access query for controlling visibility of endpoints?

@Pooja : The sample query below will control the visibility to users who are part of the ROLE_ADMIN SAV role:

    where users.username in (
        SELECT DISTINCT u.username
        from users u
        inner join user_savroles usr on u.userkey=usr.userkey
        inner join savroles sr on sr.rolekey=usr.rolekey
            and sr.rolename in ('ROLE_ADMIN')
            and u.statuskey=1
    )

 


Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.
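
To see who an access query like the one in the reply above lets through before attaching it to an endpoint, its subquery can be run against a small stand-in database. This is an added example, not part of the thread or Saviynt's own code: the SQLite tables hold only the columns the query references, the users and role assignments are constructed, and statuskey 1 is assumed to mean an active user.

```python
import sqlite3

# The subquery from the reply, unchanged apart from whitespace.
VISIBLE_USERS_SQL = """
SELECT DISTINCT u.username
FROM users u
INNER JOIN user_savroles usr ON u.userkey = usr.userkey
INNER JOIN savroles sr ON sr.rolekey = usr.rolekey
    AND sr.rolename IN ('ROLE_ADMIN')
    AND u.statuskey = 1
"""

def build_sample_db():
    """Constructed, minimal stand-in for the three tables the query joins."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (userkey INTEGER PRIMARY KEY, username TEXT, statuskey INTEGER);
        CREATE TABLE savroles (rolekey INTEGER PRIMARY KEY, rolename TEXT);
        CREATE TABLE user_savroles (userkey INTEGER, rolekey INTEGER);
        INSERT INTO savroles VALUES (1, 'ROLE_ADMIN'), (2, 'ROLE_SAV_PAMENDUSER');
        -- constructed users; statuskey 1 is assumed to mean active
        INSERT INTO users VALUES
            (10, 'admin_active', 1),
            (11, 'admin_disabled', 0),
            (12, 'pam_enduser', 1),
            (13, 'admin_and_pam', 1);
        INSERT INTO user_savroles VALUES
            (10, 1), (11, 1), (12, 2), (13, 1), (13, 2);
    """)
    return db

def users_who_see_endpoint(db):
    """Usernames for which the access query's IN (...) condition is true."""
    return sorted(row[0] for row in db.execute(VISIBLE_USERS_SQL))

def audit(db):
    """Map every user to True/False: would the endpoint be shown to them?"""
    allowed = set(users_who_see_endpoint(db))
    return {name: name in allowed
            for (name,) in db.execute("SELECT username FROM users")}

if __name__ == "__main__":
    for name, shown in audit(build_sample_db()).items():
        print(f"{name:15} endpoint visible: {shown}")
```

In this sample data the PAM end user and the disabled admin are both filtered out, while a user holding ROLE_ADMIN alongside the PAM end-user role still sees the endpoint.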