Chatta subito con l'assistenza
Chat con il supporto

Identity Manager 8.1.5 - Administration Guide for Connecting to SharePoint

Managing SharePoint environments Setting up SharePoint farm synchronization Basic data for managing a SharePoint environment SharePoint farms SharePoint web applications SharePoint site collections and sites SharePoint user accounts SharePoint roles and groups
SharePoint groups SharePoint roles and permission levels
Permissions for SharePoint web applications Reports about SharePoint site collections Configuration parameters for managing a SharePoint environment Default project template for SharePoint

Entering master data for SharePoint roles

Table 40: Configuration parameters for setting up SharePoint roles
Configuration parameter Meaning
QER\CalculateRiskIndex Preprocessor relevant configuration parameter controlling system components for calculating an employee's risk index. Changes to the parameter require recompiling the database.

If the parameter is enabled, values for the risk index can be entered and calculated.

To edit SharePoint role master data

  1. Select the SharePoint | Hierarchical view | <Farm> | Web applications | <web application> | <site collection> | <site> | Roles category.
  2. Select the SharePoint role in the result list. Select the Change master data task.
  3. Enter the required data on the master data form.
  4. Save the changes.

The following properties are displayed for SharePoint roles.

Table 41: SharePoint role properties
Property Description
Display name SharePoint role display name.
Permission level Unique identifier for the permission level on which the SharePoint role is based.
Site Unique identifier for the site that inherits its permissions from the SharePoint role.
Risk index

Value for evaluating the risk of assigning the SharePoint role to user accounts. Enter a value between 0 and 1. The field is only visible if the “QER | CalculateRiskIndex” configuration parameter is set.

Description Text field for additional explanation.
Service item Service item data for requesting the group through the IT Shop.

IT Shop

Specifies whether the SharePoint role can be requested through the IT Shop. This SharePoint role can be requested by staff through the Web Portal and granted through a defined approval procedure. The SharePoint role can still be assigned directly to employees and hierarchical roles.

Only for use in IT Shop

Specifies whether the SharePoint role can only be requested through the IT Shop. This SharePoint role can be requested by staff through the Web Portal and granted through a defined approval procedure. The SharePoint role may not be assigned directly to hierarchical roles.

NOTE: If the SharePoint role references a permission level for which the Hidden option is set, the options IT Shop and Only use in IT Shop cannot be set. You cannot assign these SharePoint roles to user accounts or groups.
Detailed information about this topic

Assigning SharePoint roles to SharePoint user accounts

SharePoint roles can be assigned directly or indirectly to user accounts. In the case of indirect assignment, employees, and SharePoint roles are arranged in hierarchical roles. The number of SharePoint roles assigned to an employee is calculated from the position in the hierarchy and the direction of inheritance. If you add an employee to hierarchical roles and the employee owns a user authenticated user account, the user account is added to the SharePoint role. Prerequisites for indirect assignment of employees to user accounts:

  • Assignment of employees and groups is permitted for role classes (departments, cost centers, locations, or business roles).
  • The Group authenticated option is not set in the user accounts.
  • User accounts are marked with the Groups can be inherited option.
  • User accounts and SharePoint groups belong to the same site collection.

Furthermore, SharePoint roles can be assigned to employees through IT Shop requests. Add employees to a shop as customers so that SharePoint roles can be assigned through IT Shop requests. All SharePoint roles, which are assigned to this shop as products, can be requested by the customers. Requested SharePoint roles are assigned to the employees after approval is granted.

NOTE: SharePoint roles that reference permission levels with have Hidden set, cannot be assigned to business roles and organizations. These SharePoint roles can be neither directly nor indirectly assigned to user accounts or groups.
Detailed information about this topic

Assigning SharePoint roles to departments, cost centers and locations

Assign SharePoint roles to departments, cost centers and locations in order to assign user accounts to them through these organizations.

To assign a SharePoint role to departments, cost centers, or locations (non role-based login)

  1. Select the SharePoint | Hierarchical view | <Farm> | Web applications | <web application> | <site collection> | <site> | Roles category.
  2. Select the role in the result list.
  3. Select the Assign organizations task.

  4. In the Add assignments pane, assign the organizations:

    • On the Departments tab, assign departments.

    • On the Locations tab, assign locations.

    • On the Cost centers tab, assign cost centers.

    TIP: In the Remove assignments pane, you can remove assigned organizations.

    To remove an assignment

    • Select the organization and double-click .

  5. Save the changes.

To assign SharePoint roles to departments, cost centers, or locations (role-based login)

  1. Select the Organizations | Departments category.

    - OR -

    Select the Organizations | Cost centers category.

    - OR -

    Select the Organizations | Locations category.

  2. Select the department, cost center, or location in the result list.
  3. Select the Assign SharePoint roles task.
  4. In the Add assignments pane, assign SharePoint roles.

    - OR -

    In the Remove assignments pane, remove SharePoint roles.

  5. Save the changes.
Related topics

Assigning SharePoint roles to business roles

Installed modules: Business Roles Module

You assign SharePoint roles to business roles in order to assign them to user accounts over business roles.

To assign a SharePoint role to business roles (non role-based login)

  1. Select the SharePoint | Hierarchical view | <Farm> | Web applications | <web application> | <site collection> | <site> | Roles category.
  2. Select the role in the result list.
  3. Select the Assign business roles task.
  4. In the Add assignments pane, assign business roles.

    - OR -

    In the Remove assignments pane, remove business roles.

  5. Save the changes.

To assign SharePoint roles to a business role (non role-based login)

  1. Select the Business roles | <Role class> category.
  2. Select the business role in the result list.
  3. Select the Assign SharePoint roles task.
  4. In the Add assignments pane, assign SharePoint roles.

    - OR -

    In the Remove assignments pane, remove SharePoint roles.

  5. Save the changes.
Related topics
Related Documents

The document was helpful.

Seleziona valutazione

I easily found the information I needed.

Seleziona valutazione