Chat now with support
Chat with Support

Identity Manager 8.2 - Administration Guide for Connecting to SharePoint Online

Mapping a SharePoint Online environment in One Identity Manager Synchronizing a SharePoint Online environment
Setting up initial synchronization with an SharePoint Online tenant SharePoint Online synchronization features Customizing the synchronization configuration Running synchronization Tasks following synchronization Troubleshooting Ignoring data error in synchronization
Managing SharePoint Online user accounts and employees Managing the assignments of SharePoint Online groups and roles Mapping of SharePoint Online objects in One Identity Manager
SharePoint Online tenants SharePoint Online user accounts SharePoint Online groups SharePoint Online permission levels SharePoint Online site collections SharePoint Online sites SharePoint Online roles Setting up SharePoint Online site collections and sites Reports about SharePoint Online objects
Handling of SharePoint Online objects in the Web Portal Basic data for managing a SharePoint Online environment Configuration parameters for managing SharePoint Online Default project template for SharePoint Online Editing system objects

Inheritance of SharePoint Online permissions by SharePoint Online sites

SharePoint Online roles are defined at site level. There are always roles defined for the root site of a site collection. Child sites can inherit these role definitions. In the same way, roles on the root site of a site collection are also assigned to groups or user accounts. These assignments can inherit child sites.

The Unique role assignment option specifies whether user accounts and groups are explicitly authorized for a site or whether the role assignments are inherited by the parent website.

Child sites can inherit permissions from the sites that the user accounts have on those sites. Every root site of a site collection or every site that has a child site.

This permits the following scenarios:

  1. The child site inherits the role assignments.

    The permission levels and role definitions of the (bequeathing) parent site apply. User and groups cannot be explicitly authorized for the site. Only user accounts that have permissions for the (bequeathing) parent site have access to the site.

  2. The child site does not inherit role assignments.

    In this case unique permission levels can be created in the same way as the root site of a site collection. The SharePoint Online roles based on the definitions are assigned to user accounts and groups.

Related topics

SharePoint Online roles

Permission levels with a unique reference to a site are mapped in the One Identity Manager database as SharePoint Online roles. You can assign SharePoint Online roles through groups, or directly to user accounts. SharePoint Online users obtain their permissions for site objects in this way.

NOTE: SharePoint Online roles and role assignments are handled as dependent objects by synchronization. That means, SharePoint Online roles must also be synchronized in order to synchronize role assignments.

Related topics

Editing main data of SharePoint Online roles

To edit SharePoint Online role main data

  1. In the Manager, select the category SharePoint Online > Roles.

  2. Select the SharePoint Online role in the result list and run the Change main data task.

  3. Edit the main data of the role.

  4. Save the changes.

NOTE: If the SharePoint Online role references a permission level for which the Hidden option is set, the IT Shop options and Only use in IT Shop cannot be set. You cannot assign these SharePoint Online roles to user accounts or groups.

Related topics

General main data of SharePoint Online roles

The following properties are displayed for SharePoint Online roles.

Table 29: General main data of a SharePoint Online role
Property Description

Display name

SharePoint Online role display name.

Permission level

Unique identifier for the permission level on which the SharePoint Online role is based.

Site

Unique identifier for the site that inherits its permissions from the SharePoint Online role.

Service item

Service item data for requesting the role through the IT Shop.

Category

Categories for role inheritance. User accounts can inherit roles selectively. To do this, roles, and user accounts are divided into categories. Select one or more categories from the menu.

Description

 Text field for additional explanation.

IT Shop

Specifies whether the SharePoint Online role can be requested through the IT Shop. This SharePoint Online role can be requested by staff through the Web Portal and granted through a defined approval procedure. The SharePoint Online role can still be assigned directly to employees and hierarchical roles.

Only for use in IT Shop

Specifies whether the SharePoint Online role can only be requested through the IT Shop. This SharePoint Online role can be requested by staff through the Web Portal and granted through a defined approval procedure. The SharePoint Online role may not be assigned directly to hierarchical roles.

NOTE: If the SharePoint Online role references a permission level for which the Hidden option is set, the IT Shop and Only use in IT Shop options cannot be set. You cannot assign these SharePoint Online roles to user accounts or groups.

Detailed information about this topic
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating