Adding SharePoint groups
New SharePoint groups can be created in the SharePoint environment by requesting this default product. The requester provides the name and, if known, the site collection for the request. Based on this information, the target system manager specifies the container in which the group will be added and grants approval for the request. The group is created in One Identity Manager and published to the target system.
Prerequisite
- Employees are assigned to the Target systems | SharePoint application role. 
If the QER | ITShop | GroupAutoPublish configuration parameter is set, the group is added to the IT Shop and assigned to the Identity & Access Lifecycle | SharePoint groups shelf. The group is assigned to the existing service category.
Table 37: Default product for requesting a SharePoint group
| Product | Adding a SharePoint group | 
| Service category | SharePoint groups | 
| Shelf | Identity & Access Lifecycle | Group Lifecycle | 
| Approval policies/approval workflows | Approval of SharePoint group create requests | 
Requesting Groups Memberships
Product owners and target system managers can request members for groups in these shelves in the Web Portal. The respective product owner or target system manager must grant approval for this modification. The changes are published in the target system.
Table 38: Default objects for requesting group memberships
| Shelves: | Identity & Access Lifecycle | SharePoint groups | 
| Approval policies/approval workflows: | Approval of group membership requests | 
SharePoint roles and permission levels
You can define so-called permission levels in SharePoint to grant permissions to objects in a site. These permission levels group together different SharePoint permissions. Permission levels with a unique reference to a site are mapped in the One Identity Manager database as SharePoint roles. You can assign SharePoint roles through groups, or directly to user accounts. SharePoint users obtain their permissions for site objects in this way.
Figure 4: SharePoint roles and permission levels in One Identity Manager
Entering master data for SharePoint permission levels
To edit master data for a permission level
- Select the SharePoint | Permission levels category. 
- Select the permission level in the result list. Select the Change master data task.
  - OR -
  Click [icon] in the result list.
- Enter the required data on the master data form. 
- Save the changes. 
Enter the following properties for a permission level on the master data form:
Table 39: Properties of a permission level
| Permission level | Name of the permission level. | 
| Site | Unique identifier for the site the permission level is added to. | 
| Description | Text field for additional explanation. | 
| Hidden | Specifies whether a SharePoint role with the permission level can be assigned to user accounts or groups. |