To obtain an overview of a permission level
- Select the SharePoint > Permission levels category.
- Select the permission level in the result list.
- Select the SharePoint permission level overview task.
To obtain an overview of a permission level
You can assign One Identity Manager permission levels in SharePoint. Only valid permissions for web applications can be assigned. User account obtain these site permissions through a SharePoint internal inheritance procedure.
Permissions may depend on other permissions. SharePoint assigns these dependent permissions automatically. For example, the permissions "view pages", "browse user information", and "open" are always passed down with the permission "create groups".
To assign permissions to permission levels
- OR -
In the Remove assignments pane, remove permission.
If you remove permissions from the list of valid permissions for a web application in SharePoint, the permissions cannot be assigned to permission levels within the web application from this point on. Assignments to permission levels that already exist for these permissions remain intact but are not active. These permissions are deleted from the SPSWebAppHasPermission table during synchronization. Assignments to permission levels that already exist for these permissions are not changed. Inactive permissions are displayed in the permission levels' overview.
| Configuration parameter | Meaning |
|---|---|
| QER | CalculateRiskIndex | Preprocessor relevant configuration parameter controlling system components for calculating an employee's risk index. Changes to the parameter require recompiling the database.
If the parameter is enabled, values for the risk index can be entered and calculated. |
To edit SharePoint role main data
The following properties are displayed for SharePoint roles.
| Property | Description |
|---|---|
| Display name | SharePoint role display name. |
| Permission level | Unique identifier for the permission level on which the SharePoint role is based. |
| Site | Unique identifier for the site that inherits its permissions from the SharePoint role. |
| Risk index |
Value for evaluating the risk of assigning the SharePoint role to user accounts. Enter a value between 0 and 1. The field is only visible if the “QER | CalculateRiskIndex” configuration parameter is set. |
| Description | Text field for additional explanation. |
| Service item | Service item data for requesting the group through the IT Shop. |
|
IT Shop |
Specifies whether the SharePoint role can be requested through the IT Shop. This SharePoint role can be requested by staff through the Web Portal and granted through a defined approval procedure. The SharePoint role can still be assigned directly to employees and hierarchical roles. |
|
Only for use in IT Shop |
Specifies whether the SharePoint role can only be requested through the IT Shop. This SharePoint role can be requested by staff through the Web Portal and granted through a defined approval procedure. The SharePoint role may not be assigned directly to hierarchical roles. |
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center