Chat now with support
Chat with Support

Identity Manager Data Governance Edition 8.0 - User Guide

Introduction Data Governance navigation node and views Administering Data Governance Edition Managing unstructured data access
Managing resource access Managing account access Working with security permissions Working with SharePoint security permissions Account access modeling Bringing data under governance
Classifying governed resources Managing governed resources using the web portal Data Governance Edition reports Troubleshooting Appendix: EMC, NetApp Filer, and SharePoint configuration details Appendix: PowerShell commands Appendix: Governed data attestation policies Appendix: Governed data company policies Appendix: Governed data risk index functions About us

Modifying the permissions on a SharePoint resource

You can add and remove accounts from a SharePoint resource, including sites, libraries, lists, documents, and so on. You can assign Active Directory users and groups, and SharePoint groups. You can also modify the permission levels assigned to each account, if the resource has unique permissions. For more information, see Working with SharePoint permission levels.

Note: If you see a message in the list of issues that the forest or domain could not be contacted, this could be because the trusted domain has not been synchronized with One Identity Manager.

To add or remove accounts from a SharePoint resource

  1. In the Navigation view, select Data Governance | Managed hosts.
  2. Open the Resource browser using one of the following methods:

    • Double-click the required SharePoint farm in the Managed hosts view.
    • Select the required SharePoint farm in the Managed hosts view and select Resource browser from the Tasks view or right-click menu.

    The web applications for the selected farm display. From here, you can browse the SharePoint hierarchy.

  3. Double-click to browse to the required resource.

    When a resource is selected, the security settings for the resource display in the Permissions pane (lower pane).

  4. To add an account, click Add Account, then browse to the required account.

    Note: To add SharePoint groups, ensure that you set the Location to SharePoint. Only groups from the current site are shown.

  5. In the Permissions pane, click in the Permission Levels column that corresponds to the newly added account.

    A pop-up appears displaying all the permission levels available. Select the permissions levels to assign to the new account and press Enter.

  6. To remove an account, select the account in the Permissions pane, click Remove Account and then click Yes.
  7. Click the Save tool bar button to save your selections.

To modify the permission levels assigned to an account

  1. In the Navigation view, select Data Governance | Managed hosts.
  2. Open the Resource browser using one of the following methods:

    • Double-click the required SharePoint farm in the Managed hosts view.
    • Select the required SharePoint farm in the Managed hosts view and select Resource browser from the Tasks view or right-click menu.

    The web applications for the selected farm display in the lower pane.

  3. For the account that you want to manage, click in the corresponding Permission Levels column to display the permission levels list.
  4. Select the required permission levels.

    You can see the permissions included in a permission level by hovering your cursor over the level, and you can hover over an individual permission to see its description.

  5. Press Enter to save your selections and close the permission levels list.
  6. Click the Save tool bar button to save your changes.

Working with SharePoint permission levels

SharePoint permissions are a collection of list, site, and personal permissions designed to provide the appropriate level of access for a given group of users. Permission levels are unique for each site collection. Although permission levels are created and managed at the site collection level, Data Governance Edition allows you to manage permissions regardless of your context, and resolves your permission level changes to the appropriate site collection. You can create a permission level at anytime, as long as you have the Manage Permissions permission on the site collection. You can also edit existing permission levels, and delete those you no longer need.

You may want to view the details of existing permission levels before creating new ones. The fewer well-designed permission levels you have, the easier your site permissions are to manage.

Note: If you see a message in the list of issues that the forest or domain could not be contacted, this could be because the trusted domain has not been synchronized with One Identity Manager.

To view the permissions contained in a permission level by viewing a resource

  1. In the Navigation view, select Data Governance | Managed hosts.
  2. Open the Resource browser using one of the following methods:

    • Double-click the required SharePoint farm in the Managed hosts view.
    • Select the required SharePoint farm in the Managed hosts view and select Resource browser from the Tasks view or right-click menu.
  3. In the Resource browser, double-click through the farm to locate the required resource.

    The security for the resource displays in the Permissions pane (lower pane).

    A message across the top of the pane indicates whether permissions are inherited or unique.

  4. In the Permissions pane, click in the corresponding Permission Levels column for one of the accounts listed.

    A pop-up appears displaying all the permission levels available. The permission levels assigned to the selected account are marked with a check mark. To see the permissions included in a permission level, hover your cursor over the permission level. You can also hover your cursor over an individual permission to see its description.

  5. Press Enter to save your selection and close the permission levels list.

To view the permissions contained in a permission level using the Permission Levels dialog

  1. In the Resource browser, double-click through to a resource within the site you want to examine.
  2. In the lower pane, click the Permission Levels tool bar button.
  3. In the left pane of the Permission Levels dialog, select a permission level.

    The permissions included in the level are shown on the right side of the dialog.

  4. Click OK to close the Permission Levels dialog.

Creating a SharePoint permission level

If you need a new combination of permissions to achieve your security goals, you can create it through the Resource browser. Regardless of the object you have selected, the permission level is associated with the site collection, and is available for use with any object in the site collection.

To create a SharePoint permission level

  1. In the Resource browser, double-click through the farm to locate the required resource.

    The security for the resource displays in the lower pane.

  2. In the lower pane, select the Permission Levels tool bar button.
  3. In the Permission Levels dialog, click New.
  4. Provide a unique name and a description for the permission level.
  5. Select the required permissions.

    Some permissions are actually collections of permissions. For example, when you select Manage Lists, additional permissions required to perform this task, such as View Pages and Open, are also selected.

  6. Click OK.

Deleting a SharePoint permission level

If you no longer need a permission level, you can delete it.

Note: When you delete a permission level, you may be leaving users or groups without their accustomed access to SharePoint. Ensure that you have assigned appropriate permission levels to all affected accounts before deleting a permission level.

To delete a SharePoint permission level

  1. In the Resource browser, double-click through the farm to locate the required resource.

    The security for the resource displays in the lower pane.

  2. In the lower pane, click the Permission Levels tool bar button.
  3. On the Permission Levels dialog, select the permission level to be removed.
  4. Click Delete.
  5. Click Yes on the confirmation dialog.
  6. Click OK to exit the Permission Levels dialog.
Related Documents