We have identified a solution that allows us to grant selective API access to users directly from the Saviynt UI. Here are the steps to achieve this:
1. Create an API-specific local user in Saviynt.
- Configure the user's access permissions to include only the required API methods.
2. Utilize the SAV Role feature in Saviynt.
- Within the SAV Role settings, locate the "Access" option.
- Add the specific API methods that need to be accessible to the user.
Example:
Within the Saviynt UI, navigate to the "Webservice" menu. Under the "Webservice" submenu, locate and select the desired API methods, such as 'SUBMENU.WEBSERVICE.api_createnewuser', 'SUBMENU.WEBSERVICE.api_v5_authenticateUser', 'SUBMENU.WEBSERVICE.api_v5_updateUser', 'SUBMENU.WEBSERVICE.api_v5_createnewuser', etc., based on the requirements.
3. Configure user-specific settings.
- For the particular user, ensure that the 'localauthenabled' parameter is set to 1.
- Confirm that the 'passwordexpired' parameter for the user is set to 0.
Note:- You Can run the customqueryjob to enable the local auth:- update users set passwordexpired=0,localauthenabled=1 where username='000010'
4. Testing and Deployment.
- It is recommended to perform testing in a lower environment to ensure the solution works as expected.
- Once successfully tested, the solution can be deployed to higher environments.
Conclusion:
By following the steps outlined above, users can be granted selective access to specific API methods in Saviynt. This approach offers the ability to provide necessary API functionality while maintaining a secure and controlled environment.
References
