To obtain an overview of a SharePoint role
- Select the SharePoint > Roles category.
- Select the role in the result list.
- Select the SharePoint role overview task.
Managing SharePoint environments
Architecture overview
One Identity Manager users for managing SharePoint
Claims-based authentication
Setting up SharePoint farm synchronization
Users and permissions for synchronizing with a SharePoint farm
Setting up the synchronization server
Creating a synchronization project for initial synchronization of a SharePoint farm
Special synchronization cases for valid permissions
Displaying synchronization results
Customizing the synchronization configuration
Basic data for managing a SharePoint environment
How to configure SharePoint synchronization
Configuring synchronization of several SharePoint farms
Changing system connection settings of SharePoint farms
Updating schemas
Speeding up synchronization with revision filtering
Post-processing outstanding objects
Configuring the provisioning of memberships
Configuring single object synchronization
Accelerating provisioning and single object synchronization
Help for analyzing synchronization issues
Disabling synchronization
Synchronizing single objects
Ignoring data error in synchronization
Pausing handling of target system specific processes (Offline mode)
Authentication modes
Prefixes
Zones and alternative URLs
SharePoint site templates
SharePoint permissions
SharePoint quotas
SharePoint languages
Editing a server
Target system managers
Setting up account definitions
SharePoint farms
SharePoint web applications
SharePoint site collections and sites
Creating an account definition
Creating manage levels
Creating a formatting rule for IT operating data
Collecting IT operating data
Modify IT operating data
Assigning account definitions to employees
Assigning account definitions to departments, cost centers, and locations
Assigning account definitions to business roles
Assigning account definitions to all employees
Assigning account definitions directly to employees
Assigning account definitions to system roles
Adding account definitions to the IT Shop
Assigning account definitions to a target system
Deleting an account definition
SharePoint site collections
SharePoint sites
SharePoint user accounts
General main data of a site
Address data for a site
Site design properties
Additional tasks for managing sites
Passing on permissions to child sites
Setting up SharePoint site collections and sites
Supported user account types
Entering main data of SharePoint user accounts
Additional tasks for managing SharePoint user accounts
SharePoint roles and groups
Displaying the SharePoint user account overview
Assigning SharePoint groups directly to a SharePoint user account
Assigning SharePoint roles directly to user accounts
Assigning extended properties
Using custom authentication modes
Assigning employees automatically to SharePoint user accounts
Deleting and restoring SharePoint user accounts
SharePoint groups
Permissions for SharePoint web applications
Reports about SharePoint objects
Configuration parameters for managing a SharePoint environment
Default project template for SharePoint
Entering main data of SharePoint groups
Assigning SharePoint groups to SharePoint user accounts
SharePoint roles and permission levels
Assigning SharePoint groups to departments, cost centers and locations
Assigning SharePoint groups to business roles
Assigning SharePoint user accounts directly to a SharePoint group
Assigning SharePoint roles to SharePoint groups
Adding SharePoint groups to system roles
Adding SharePoint groups to the IT Shop
Adding SharePoint groups automatically to the IT Shop
Additional tasks for managing SharePoint groups
Displaying an overview of SharePoint groups
Effectiveness of group memberships
SharePoint group inheritance based on categories
Assigning extended properties to SharePoint groups
Deleting SharePoint groups
Default solutions for requesting SharePoint groups
Entering main data of SharePoint permission levels
Additional tasks for managing SharePoint permission levels
Special synchronization cases for valid permissions
Entering main data of SharePoint roles
Assigning SharePoint roles to SharePoint user accounts
Assigning SharePoint roles to departments, cost centers and locations
Assigning SharePoint roles to business roles
Assigning SharePoint user accounts directly to a SharePoint role
Assigning SharePoint groups to SharePoint roles
Adding SharePoint roles to system roles
Adding SharePoint roles to the IT Shop
Additional tasks for managing SharePoint roles
Displaying the SharePoint rules overview
Effectiveness of SharePoint roles
Assigning extended properties to SharePoint roles
Deleting SharePoint roles and permission levels
Displaying the SharePoint rules overview
Effectiveness of SharePoint roles
The behavior described under Effectiveness of group memberships can also be used for SharePoint roles.
The effect of the assignments is mapped in the SPSUserHasSPSRLAssign and BaseTreeHasSPSRLAssign tables though the column XIsInEffect.
Prerequisites
-
The QER | Structures | Inherite | GroupExclusion configuration parameter is set.
In the Designer, set the configuration parameter and compile the database.
NOTE: If you disable the configuration parameter at a later date, model components and scripts that are not longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide.
-
Mutually exclusive SharePoint roles belong to the same site collection.
To exclude SharePoint roles
- Select the SharePoint > Roles category.
- Select the role in the result list.
- Select the Exclude SharePoint roles task.
- In the Add assignments pane, assign the roles that are mutually exclusive to the selected role.
- OR -
In the Remove assignments pane, remove the roles that no longer exclude each other.
- Save the changes.
Detailed information about this topic
Assigning extended properties to SharePoint roles
Extended properties are meta objects, such as operating codes, cost codes, or cost accounting areas that cannot be mapped directly in One Identity Manager.
To specify extended properties for a SharePoint role
-
In the Manager, select the SharePoint > Roles category.
-
Select the role in the result list.
-
Select the Assign extended properties task.
-
In the Add assignments pane, assign extended properties.
TIP: In the Remove assignments pane, you can remove assigned extended properties.
To remove an assignment
-
Select the extended property and double-click
.
-
- Save the changes.
For more information about setting up extended properties, see the One Identity Manager Identity Management Base Module Administration Guide.
Deleting SharePoint roles and permission levels
You cannot delete SharePoint roles in the Manager. They are deleted by the DBQueue Processor when the associated permission level is deleted.
To delete a permission level
- Select the SharePoint > Permission levels category.
- Select the permission level in the result list.
- Click
to delete the permission level.
- Confirm the security prompt with Yes.
If deferred deletion is configured, the permission level is marked for deletion and finally deleted after the deferred deletion period has expired. During this period, the permission level can be restored. Permission levels with deferred deletion of 0 days are deleted immediately.
To restore a permission level
- Select the SharePoint > Permission levels category.
- Select the permission level marked for deletion in the result list.
- Click
in the result list.
Related topics
- One Identity Manager Configuration Guide