Identity Manager 8.2.1 - Administration Guide for Connecting to SharePoint


Effectiveness of SharePoint roles

The behavior described under Effectiveness of group memberships can also be used for SharePoint roles.

The effect of the assignments is mapped in the SPSUserHasSPSRLAssign and BaseTreeHasSPSRLAssign tables through the XIsInEffect column.

Prerequisites
  • The QER | Structures | Inherite | GroupExclusion configuration parameter is set.

    In the Designer, set the configuration parameter and compile the database.

    NOTE: If you disable the configuration parameter at a later date, model components and scripts that are no longer required are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor-relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide.

  • Mutually exclusive SharePoint roles belong to the same site collection.

To exclude SharePoint roles

  1. Select the SharePoint > Roles category.
  2. Select the role in the result list.
  3. Select the Exclude SharePoint roles task.
  4. In the Add assignments pane, assign the roles that are mutually exclusive to the selected role.

    - OR -

    In the Remove assignments pane, remove the roles that no longer exclude each other.

  5. Save the changes.

Assigning extended properties to SharePoint roles

Extended properties are meta objects, such as operating codes, cost codes, or cost accounting areas that cannot be mapped directly in One Identity Manager.

To specify extended properties for a SharePoint role

  1. In the Manager, select the SharePoint > Roles category.

  2. Select the role in the result list.

  3. Select the Assign extended properties task.

  4. In the Add assignments pane, assign extended properties.

    TIP: In the Remove assignments pane, you can remove assigned extended properties.

    To remove an assignment

    • Select the extended property and double-click .

  5. Save the changes.

For more information about setting up extended properties, see the One Identity Manager Identity Management Base Module Administration Guide.

Deleting SharePoint roles and permission levels

You cannot delete SharePoint roles in the Manager. They are deleted by the DBQueue Processor when the associated permission level is deleted.

To delete a permission level

  1. Select the SharePoint > Permission levels category.
  2. Select the permission level in the result list.
  3. Click to delete the permission level.
  4. Confirm the security prompt with Yes.

If deferred deletion is configured, the permission level is marked for deletion and finally deleted after the deferred deletion period has expired. During this period, the permission level can be restored. Permission levels with deferred deletion of 0 days are deleted immediately.

To restore a permission level

  1. Select the SharePoint > Permission levels category.
  2. Select the permission level marked for deletion in the result list.
  3. Click in the result list.
Related topics
  • One Identity Manager Configuration Guide

Permissions for SharePoint web applications

You can define user policies in SharePoint that guarantee permissions across all sites in a site collection. These user policies overlay all the permissions that are specially defined for the sites. User policies are based on authentication objects from which SharePoint user accounts are created. These authentication objects can be saved as authentication objects in user policies.

User policies obtain their permissions through permission policies. SharePoint permissions are explicitly granted or denied in permission policies.

Figure 5: Permissions for SharePoint web applications through policies

You define user policies and permission policies for a web application. User policies are therefore implicitly authorized for all web application sites. You can limit them to single zones or allow them for the entire web application.
