SharePoint Online roles are defined at site level. There are always roles defined for the root site of a site collection. Child sites can inherit these role definitions. In the same way, roles on the root site of a site collection are also assigned to groups or user accounts. These assignments can inherit child sites.
The Unique role assignment option specifies whether user accounts and groups are explicitly authorized for a site or whether the role assignments are inherited by the parent website.
Child sites can inherit permissions from the sites that the user accounts have on those sites. Every root site of a site collection or every site that has a child site.
This permits the following scenarios:
-
The child site inherits the role assignments.
The permission levels and role definitions of the (bequeathing) parent site apply. User and groups cannot be explicitly authorized for the site. Only user accounts that have permissions for the (bequeathing) parent site have access to the site.
-
The child site does not inherit role assignments.
In this case unique permission levels can be created in the same way as the root site of a site collection. The SharePoint Online roles based on the definitions are assigned to user accounts and groups.
Related topics
Permission levels with a unique reference to a site are mapped in the One Identity Manager database as SharePoint Online roles. You can assign SharePoint Online roles through groups, or directly to user accounts. SharePoint Online users obtain their permissions for site objects in this way.
NOTE: SharePoint Online roles and role assignments are handled as dependent objects by synchronization. That means, SharePoint Online roles must also be synchronized in order to synchronize role assignments.
Related topics
To edit SharePoint Online role main data
-
In the Manager, select the category SharePoint Online > Roles.
-
Select the SharePoint Online role in the result list and run the Change main data task.
-
Edit the main data of the role.
- Save the changes.
NOTE: If the SharePoint Online role references a permission level for which the Hidden option is set, the IT Shop options and Only use in IT Shop cannot be set. You cannot assign these SharePoint Online roles to user accounts or groups.
Related topics
The following properties are displayed for SharePoint Online roles.
Table 29: General main data of a SharePoint Online role
|
Display name |
SharePoint Online role display name. |
|
Permission level |
Unique identifier for the permission level on which the SharePoint Online role is based. |
|
Site |
Unique identifier for the site that inherits its permissions from the SharePoint Online role. |
|
Service item |
Service item data for requesting the role through the IT Shop. |
|
Category |
Categories for role inheritance. User accounts can inherit roles selectively. To do this, roles, and user accounts are divided into categories. Select one or more categories from the menu. |
|
Description |
Text field for additional explanation. |
|
IT Shop |
Specifies whether the SharePoint Online role can be requested through the IT Shop. This SharePoint Online role can be requested by staff through the Web Portal and granted through a defined approval procedure. The SharePoint Online role can still be assigned directly to employees and hierarchical roles. |
|
Only for use in IT Shop |
Specifies whether the SharePoint Online role can only be requested through the IT Shop. This SharePoint Online role can be requested by staff through the Web Portal and granted through a defined approval procedure. The SharePoint Online role may not be assigned directly to hierarchical roles. |
NOTE: If the SharePoint Online role references a permission level for which the Hidden option is set, the IT Shop and Only use in IT Shop options cannot be set. You cannot assign these SharePoint Online roles to user accounts or groups.
Detailed information about this topic
