Version : IdentityIQ 8.3p2
How to provide view entitlement administrator capabiltilies instead of entitlementAdminisitrator capabilties , as this will provide write access as well , can someone suggest how can we provide read access to view entitlement catalog as i could not find any capabiltiites as such in user rights.
Hi @Chaitanya_Eati ,
The âViewAccountGroupsâ SP rights grant users read-only access to entitlement data within the Advanced Analytics module, allowing them to view entitlement information without making modifications
2 Likes
Hi @Arun-Kumar ,
Thank you for your response. Actually we are unable to find âviewAccountGroupsâ capabilties in user rights/ or under capabilties.
Hi @Chaitanya_Eati ,
âViewAccountGroupsâ is a SPRights.
Create a new capability and in the capability include the âViewAccountGroupsâ SPrights. Assign the capability to the user.
There is no direct capability for this, but you can create a new custom capability by adding the âViewAccountGroupsâ sprights
@Arun-Kumar Thank you for the suggestion, i will try this.
@king075 Thank you for the suggestion, i will try this.
Hi @Chaitanya_Eati
you can use below snippet:
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE Capability PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<Capability displayName="Custom_Capability" name="Custom Capability">
<Description>new custom capability with SPRight:ViewAccountGroups</Description>
<RightRefs>
<Reference class="sailpoint.object.SPRight" name="ViewAccountGroups"/>
</RightRefs>
</Capability>
Thank you @pattabhi , it worked , thanks !!
1 Like
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.