You can add and remove accounts from a SharePoint resource, including sites, libraries, lists, documents, and so on. You can assign Active Directory users and groups, and SharePoint groups. You can also modify the permission levels assigned to each account, if the resource has unique permissions. For more information, see Working with SharePoint permission levels.
|
Note: If you see a message in the list of issues that the forest or domain could not be contacted, this could be because the trusted domain has not been synchronized with One Identity Manager. |
To add or remove accounts from a SharePoint resource
Open the Resource browser using one of the following methods:
Select the required SharePoint farm in the Managed hosts view and select Resource browser from the Tasks view or right-click menu.
The web applications for the selected farm display. From here, you can browse the SharePoint hierarchy.
When a resource is selected, the security settings for the resource display in the Permissions pane (lower pane).
To add an account, click Add Account, then browse to the required account.
|
Note: To add SharePoint groups, ensure that you set the Location to SharePoint. Only groups from the current site are shown. |
In the Permissions pane, click in the Permission Levels column that corresponds to the newly added account.
A pop-up appears displaying all the permission levels available. Select the permissions levels to assign to the new account and press Enter.
To modify the permission levels assigned to an account
Open the Resource browser using one of the following methods:
Select the required SharePoint farm in the Managed hosts view and select Resource browser from the Tasks view or right-click menu.
The web applications for the selected farm display in the lower pane.
You can see the permissions included in a permission level by hovering your cursor over the level, and you can hover over an individual permission to see its description.
SharePoint permissions are a collection of list, site, and personal permissions designed to provide the appropriate level of access for a given group of users. Permission levels are unique for each site collection. Although permission levels are created and managed at the site collection level, Data Governance Edition allows you to manage permissions regardless of your context, and resolves your permission level changes to the appropriate site collection. You can create a permission level at anytime, as long as you have the Manage Permissions permission on the site collection. You can also edit existing permission levels, and delete those you no longer need.
You may want to view the details of existing permission levels before creating new ones. The fewer well-designed permission levels you have, the easier your site permissions are to manage.
|
Note: If you see a message in the list of issues that the forest or domain could not be contacted, this could be because the trusted domain has not been synchronized with One Identity Manager. |
To view the permissions contained in a permission level by viewing a resource
Open the Resource browser using one of the following methods:
The security for the resource displays in the Permissions pane (lower pane).
A message across the top of the pane indicates whether permissions are inherited or unique.
In the Permissions pane, click in the corresponding Permission Levels column for one of the accounts listed.
A pop-up appears displaying all the permission levels available. The permission levels assigned to the selected account are marked with a check mark. To see the permissions included in a permission level, hover your cursor over the permission level. You can also hover your cursor over an individual permission to see its description.
To view the permissions contained in a permission level using the Permission Levels dialog
The permissions included in the level are shown on the right side of the dialog.
If you need a new combination of permissions to achieve your security goals, you can create it through the Resource browser. Regardless of the object you have selected, the permission level is associated with the site collection, and is available for use with any object in the site collection.
To create a SharePoint permission level
The security for the resource displays in the lower pane.
Some permissions are actually collections of permissions. For example, when you select Manage Lists, additional permissions required to perform this task, such as View Pages and Open, are also selected.
If you no longer need a permission level, you can delete it.
|
Note: When you delete a permission level, you may be leaving users or groups without their accustomed access to SharePoint. Ensure that you have assigned appropriate permission levels to all affected accounts before deleting a permission level. |
To delete a SharePoint permission level
The security for the resource displays in the lower pane.
© 2023 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy