Saviynt SAVIGA-C01 Exam Questions

To save different settings for various categories of Manager Access Reviews within User Manager Campaigns, a Campaign Owner can create C. Campaign Templates. Here's why:

Saviynt's Campaign Templates: Templates allow you to pre-configure various settings for a campaign and save them as a reusable template. This includes settings related to:

Campaign Scope: Defining which users, applications, or entitlements are included.

Certifier Selection: Specifying the type of certifiers (e.g., Managers, Application Owners).

Scheduling and Notifications: Setting up the campaign schedule and email notifications.

Advanced Configurations: Including filters, risk scores, and other advanced settings.

Multiple Templates for Different Categories: A Campaign Owner can create multiple templates, each tailored to a specific category of Manager Access Review. For example:

Template 1: For high-risk applications, with stricter filters and more frequent reviews.

Template 2: For low-risk applications, with broader scope and less frequent reviews.

Template 3: For specific departments or business units, with customized certifier selection.

Benefits of Using Templates:

Consistency: Ensures that similar types of reviews are conducted consistently.

Efficiency: Saves time by eliminating the need to configure each campaign from scratch.

Reduced Errors: Minimizes the risk of manual configuration errors.

Why Other Options Are Less Suitable:

A . Global Configurations: Global configurations apply to all campaigns, not to specific categories of reviews.

B . Campaign Types: Campaign types (e.g., User Manager, Entitlement Owner) define the overall purpose of the campaign, not the specific settings for different categories within a campaign type.

D . Campaign Previews: Previews are for reviewing the campaign data before launch, not for saving different configurations.

In conclusion: Campaign Templates in Saviynt provide a powerful way to save and reuse different configurations for various categories of Manager Access Reviews, promoting consistency, efficiency, and accuracy in the certification process.

To configure a single report that displays the account attributes of all the accounts to their respective Application Owners in Saviynt, the best approach is D. V2 Analytics using SQL Query with User Context. Here's a breakdown:

Saviynt's Analytics V2: This is Saviynt's newer analytics platform, offering more advanced features and flexibility compared to the older version.

SQL Query with User Context: This is the key to achieving the desired outcome. 'User Context' means that the query will be executed in the context of the currently logged-in user (in this case, the Application Owner).

How it Works:

Dynamic Filtering: When an Application Owner runs the report, the 'User Context' will automatically filter the data to show only the accounts that they own.

Security and Data Privacy: This ensures that each Application Owner only sees the data that they are authorized to access.

SQL Query Structure: The SQL query would likely involve a JOIN between the accounts table and a table that defines application ownership (e.g., applications), using a WHERE clause that filters based on the current user's ID or username. Something like this (syntax might need adjustment for Saviynt's specific SQL dialect):

SELECT a.*

FROM accounts a

JOIN applications app ON a.application_id = app.application_id

WHERE app.owner_id = ${CURRENT_USER_ID} -- This is the user context part

Why Other Options Are Less Suitable:

A . Use Elasticsearch Query: While Elasticsearch can be used for analytics, it might not be the best tool for this specific requirement, as it doesn't inherently support the concept of 'User Context' in the same way as SQL queries in Analytics V2.

B . V2 Analytics using SQL Query with External Connection: External connections are used to query data from external databases, which is not necessary in this scenario.

C . V2 Analytics using SQL Query with Allowed Action: Allowed Actions are used to define actions that can be performed on analytics results, not for filtering data based on user context.

The statement is False. In the provided USER_IMPORT_MAPPING, USERNAME is the user attribute defined in EIC (Enterprise Identity Cloud), and wd:User_Name is the attribute defined in Workday. Here's a breakdown:

Saviynt's USER_IMPORT_MAPPING: This configuration within a connection (in this case, Workday RAAS) defines how data from the connected system (Workday) should be mapped to attributes within Saviynt's EIC.

ImportMapping: This section specifies the mapping between source attributes (Workday) and target attributes (EIC).

USERNAME: In the provided mapping, USERNAME (without the wd: prefix) is the target attribute, meaning it's an attribute within Saviynt's EIC.

wd:User_Name: The wd: prefix typically indicates a Workday attribute. Therefore, wd:User_Name is the source attribute from Workday.

~#~string: This likely indicates the data type of the attribute (string in this case).

Correct Interpretation: The mapping is saying: 'Take the value of the wd:User_Name attribute from Workday and map it to the USERNAME attribute in EIC.'

In essence: The USER_IMPORT_MAPPING defines how data from Workday is translated into Saviynt's internal data model, and in this case, USERNAME belongs to Saviynt (EIC), while wd:User_Name belongs to Workday.

To decommission an AD Group and revoke access for all users, Jane should use D. Entitlement Owner Certification. Here is why:

AD Group as an Entitlement: In Saviynt, an AD Group is typically represented as an Entitlement.

Entitlement Owner Certification: This type of campaign allows the designated owner of an entitlement (in this case, Jane, as the manager of the AD Group) to review and certify who should have access to that entitlement.

Revoking Access: As the Entitlement Owner, Jane can use the certification campaign to:

Review the list of users: See all users who are currently members of the AD Group.

Revoke access for all users: Mark all users for removal from the group.

Decommissioning the Group: After revoking access for all users through the certification, Jane can then proceed with decommissioning the AD Group itself (either through Saviynt if it manages AD group lifecycle or directly in Active Directory).

Why Other Options Are Less Suitable:

A . Segregation of Duties: SoD is a principle, not a specific action for revoking access.

B . Entitlement Update Rule: While rules can automate some actions, a certification campaign provides a more controlled and auditable way to review and revoke access, especially for a sensitive action like decommissioning a group.

C . Mitigation Control: Mitigation controls are used to manage SoD conflicts, not for revoking access to entitlements.

In conclusion: An Entitlement Owner Certification campaign provides a structured and auditable way for Jane to review the membership of the AD Group, revoke access for all users, and prepare for the group's decommissioning, aligning with best practices for access management.

In Saviynt, a Campaign is best described as a D. Group of similar Certifications. Here's a breakdown:

Saviynt's Campaigns and Certifications:

Campaign: A container that defines the scope, schedule, participants, and other settings for a set of related access certifications.

Certification: The individual review task assigned to a Certifier (e.g., a manager reviewing their subordinates' access, an application owner reviewing users of their application).

Analogy: Think of a Campaign as a project, and Certifications as individual tasks within that project.

Purpose of Campaigns: Campaigns provide a structured way to manage and track access reviews, ensuring that they are conducted regularly and consistently.

Examples of Campaigns:

User Manager Campaign: Groups certifications where managers review their subordinates' access.

Entitlement Owner Campaign: Groups certifications where entitlement owners review who has access to their entitlements.

Application Owner Campaign: Groups certifications where application owners review who has access to their applications.

Why Other Options Are Incorrect:

A . Group of similar Endpoints: Endpoints are systems or applications connected to Saviynt, not the primary grouping within a campaign.

B . Group of User Groups: User groups are collections of users, not the defining element of a campaign.

C . Group of Dashboards: Dashboards provide visualizations of data, but they are not the core component of a campaign.

In conclusion: A Campaign in Saviynt is essentially a container for a set of related access certifications, providing a framework for managing and organizing the review process based on specific criteria and objectives.