The Job that should be created and scheduled to evaluate Rules on a need basis in Saviynt is A . Run Detective Rules and Take Action. Here's an explanation:

Saviynt's Jobs: Saviynt uses Jobs to perform various tasks, including data imports, rule evaluations, and provisioning operations.

'Run Detective Rules and Take Action': This specific job is designed to:

Evaluate Rules: It evaluates rules that are configured for detective (monitoring) purposes. These rules typically check for specific conditions or changes in user attributes, access rights, or other data.

Take Action (Optional): Based on the rule evaluation results, the job can be configured to automatically take actions, such as:

Generating alerts or notifications.

Creating tasks for administrators to review.

Triggering workflows.

Automatically remediating issues (e.g., revoking access if a rule detects a violation).

Scheduling: This job can be scheduled to run periodically (e.g., daily, hourly) to continuously monitor for changes and enforce defined rules.

On-Demand Execution: You can also run this job on-demand to evaluate rules immediately.

Other Options:

B . Provisioning Job: This job is primarily used for provisioning access to target systems, not for evaluating general-purpose rules.

C . User Import via Connection: This job is for importing user data from external sources.

D . Trigger Chain Job: This allows for running a series or 'chain' of jobs, but it doesn't directly evaluate rules itself.

The maximum file attachment limit for a request in Saviynt is typically 10. Here's an explanation:

Saviynt's Access Request System (ARS): The ARS allows users to attach files to access requests to provide supporting documentation or justification.

Attachment Limits: To prevent excessive storage usage and potential performance issues, Saviynt imposes limits on the number and size of attachments allowed per request.

Default Limit: The default maximum number of attachments allowed per request in Saviynt is generally 10.

Configuration: While 10 is the common default, it's worth noting that this limit might be configurable within the ARS settings in some Saviynt deployments. However, significantly increasing this limit could impact performance.

File Size Limit: In addition to the number of attachments, there's also usually a limit on the individual file size and the total size of all attachments combined. This is also generally configurable. These file size limits are important for maintain system stability and performance.

Error Handling: If a user attempts to exceed the attachment limit, Saviynt will typically display an error message, preventing them from submitting the request until the number of attachments is reduced.

To configure a single report that displays the account attributes of all the accounts to their respective Application Owners in Saviynt, the best approach is D. V2 Analytics using SQL Query with User Context. Here's a breakdown:

Saviynt's Analytics V2: This is Saviynt's newer analytics platform, offering more advanced features and flexibility compared to the older version.

SQL Query with User Context: This is the key to achieving the desired outcome. 'User Context' means that the query will be executed in the context of the currently logged-in user (in this case, the Application Owner).

How it Works:

Dynamic Filtering: When an Application Owner runs the report, the 'User Context' will automatically filter the data to show only the accounts that they own.

Security and Data Privacy: This ensures that each Application Owner only sees the data that they are authorized to access.

SQL Query Structure: The SQL query would likely involve a JOIN between the accounts table and a table that defines application ownership (e.g., applications), using a WHERE clause that filters based on the current user's ID or username. Something like this (syntax might need adjustment for Saviynt's specific SQL dialect):

SELECT a.*

FROM accounts a

JOIN applications app ON a.application_id = app.application_id

WHERE app.owner_id = ${CURRENT_USER_ID} -- This is the user context part

Why Other Options Are Less Suitable:

A . Use Elasticsearch Query: While Elasticsearch can be used for analytics, it might not be the best tool for this specific requirement, as it doesn't inherently support the concept of 'User Context' in the same way as SQL queries in Analytics V2.

B . V2 Analytics using SQL Query with External Connection: External connections are used to query data from external databases, which is not necessary in this scenario.

C . V2 Analytics using SQL Query with Allowed Action: Allowed Actions are used to define actions that can be performed on analytics results, not for filtering data based on user context.

The bulk operation that is not typically a supported feature in the same way as the others is C. Bulk Approval - Single-click approval for multiple entitlements in a single request. Here's why:

Saviynt's Bulk Operations: Saviynt supports various bulk operations to streamline administration and user experience, especially when dealing with multiple users or requests.

Supported Bulk Operations:

A . Bulk Request Access: Saviynt allows users to request access for multiple users in a single request. This is a common and supported feature.

B . Disabling multiple users and their access: Administrators can disable multiple user accounts and revoke their access in bulk.

D . Deleting multiple users: Saviynt supports the bulk deletion of user accounts.

Bulk Approval - Granularity: While Saviynt supports bulk approvals (approving multiple requests at once), it typically operates at the request level, not at the individual entitlement level within a single request. Approving multiple separate requests in one go is a standard bulk approval action.

Each request (even if it's a bulk request for multiple users or contains multiple entitlements) is usually treated as a single unit for approval.

Approvers typically approve or reject the entire request, not individual entitlements within it.

Security and Control: This approach maintains better control and auditability. Approving each entitlement within a single request individually would require a more complex interface and potentially increase the risk of accidental approvals.

Possible Workarounds:

Separate Requests: To achieve a similar outcome, users could submit separate requests for each entitlement, allowing the approver to approve them individually (and potentially in bulk if they are separate requests).

Custom Workflows: In theory, it might be possible to create highly customized workflows to handle this scenario, but it's not a standard out-of-the-box feature.

In summary: While Saviynt excels at bulk operations for users and requests, single-click approval of individual entitlements within a single request is not a typical supported feature due to the need for granular control and a clear audit trail. Bulk approvals usually apply to entire requests, not to individual entitlements within them.

In Saviynt, a User represents the unique identity of a person. It's the central object that ties together all the information about an individual, including their accounts, entitlements, roles, and attributes.

Why other options are incorrect:

Endpoint: Represents a system or application, not a person.

Employee: While many users might be employees, the term 'user' is more general and can include contractors, partners, etc.

Account: Represents a user's access to a specific system, not their overall identity.

Saviynt IGA Reference:

Saviynt Documentation: Throughout the documentation, 'User' consistently refers to the individual's identity within the system.

Saviynt User Interface: The User Management section in Saviynt focuses on managing the lifecycle and access of individual users.