Saviynt Certified Advanced IGA Professional (Level 200) SCAIP Question # 7 Topic 1 Discussion
SCAIP Exam Topic 1 Question 7 Discussion:
Question #: 7
Topic #: 1
Administrator created a custom SAV role, ROLE_CUSTOM_READ, with the "Read Only" option set to true. If the user is assigned both ROLE_ADMIN and ROLE_CUSTOM_READ, what actions can the user perform?
A.
User can only view/edit the modules as mapped under Features for ROLE_CUSTOM_READ
B.
User can only view all EIC configurations
C.
It depends; the access defined in the SAV Role that was assigned later takes precedence over the other
D.
User will have full view/edit access as user is part of ROLE_ADMIN
In Saviynt EIC,SAV Roles are additive in nature, meaning that when a user is assigned multiple roles, the system grants theunion of all permissionsacross those roles. There is no restrictive override where one role limits another; instead, the highest level of access prevails.
In this scenario, the user is assigned bothROLE_ADMINandROLE_CUSTOM_READ (Read Only). While ROLE_CUSTOM_READ restricts access to read-only, theROLE_ADMIN role provides full administrative privileges, including both view and edit capabilities across modules.
Saviynt does not enforce precedence based on role assignment order, nor does a read-only role override an admin role. Instead, permissions are cumulative, and the most permissive access is effectively granted.
Therefore,Option Dis correct: the user will havefull view and edit accessbecause ROLE_ADMIN includes comprehensive permissions that supersede the limitations of the read-only role.
This behavior ensures flexibility in role assignments but also requires careful governance to avoid over-provisioning of administrative access.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit