
Identity Manager 8.0 - Administration Guide for Connecting to SharePoint


Additional Tasks for Managing SharePoint Roles

After you have entered the master data, you can apply different tasks to it. The task view contains different forms with which you can run the following tasks.

Overview of SharePoint Rules

To obtain an overview of a SharePoint role

  1. Select the category SharePoint | Hierarchical view | <Farm> | Web applications | <web application> | <site collection> | <site> | Roles.
  2. Select the role in the result list.
  3. Select SharePoint role overview in the task view.

Effectiveness of SharePoint Roles

Table 44: Configuration Parameter for Conditional Inheritance

| Configuration parameter | Active Meaning |
|---|---|
| QER\Structures\Inherite\GroupExclusion | Preprocessor relevant configuration parameter for controlling effectiveness of group memberships. If the parameter is set, memberships can be reduced on the basis of exclusion definitions. Changes to the parameter require recompiling the database. |

When SharePoint roles are assigned to user accounts, an employee may obtain two or more SharePoint roles that are not permitted in this combination. To prevent this, you can declare mutually exclusive SharePoint roles. To do this, you specify which of the two SharePoint roles should apply to the user accounts if both of the SharePoint roles are assigned.

It is possible to assign an excluded SharePoint role directly, indirectly or by IT Shop request at any time. One Identity Manager determines whether the assignment is effective.

NOTE:

  • You cannot define a pair of mutually exclusive SharePoint roles. That means the definition "SharePoint role A excludes SharePoint role B" AND "SharePoint role B excludes SharePoint role A" is not permitted.
  • You must declare each SharePoint role to be excluded from a SharePoint role separately. Exclusion definitions cannot be inherited.
  • The exclusion definition does not affect SharePoint roles that are inherited by user accounts through SharePoint groups.

The effect of the assignments is mapped in the tables SPSUserHasSPSRLAssign and BaseTreeHasSPSRLAssign through the column XIsInEffect.

Prerequisites
  • The configuration parameter "QER\Structures\Inherite\GroupExclusion" is enabled.
  • Mutually exclusive SharePoint roles belong to the same site collection.

To exclude SharePoint roles

  1. Select the category SharePoint | Hierarchical view | <Farm> | Web applications | <web application> | <site collection> | <site> | Roles.
  2. Select the role in the result list.
  3. Select Exclude SharePoint roles in the task view.
  4. Assign the roles that are mutually exclusive to the selected role in Add assignments.

    - OR -

    Remove roles that are no longer mutually exclusive in Remove assignments.

  5. Save the changes.
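
The exclusion rules and prerequisites above can be checked against a small model before definitions are entered in the Manager. The following Python sketch is an added example, not One Identity Manager code: the role names, site collection name and origin labels are constructed, and it assumes that "A excludes B" leaves A in effect, that a role is switched off as soon as any other non-group assignment excludes it, and that group-inherited assignments are left out of the evaluation entirely.

```python
# Added illustration: a simplified model of role exclusion, not product code.
from dataclasses import dataclass


@dataclass(frozen=True)
class Role:
    name: str
    site_collection: str


def validate_exclusions(exclusions):
    """Check (effective, excluded) pairs against the documented constraints."""
    errors = []
    pairs = set(exclusions)
    for effective, excluded in exclusions:
        if effective.site_collection != excluded.site_collection:
            errors.append(f"{effective.name}/{excluded.name}: different site collections")
        if (excluded, effective) in pairs:
            errors.append(f"{effective.name}/{excluded.name}: mutual exclusion not permitted")
    return errors


def effective_assignments(assignments, exclusions, group_exclusion_enabled=True):
    """Return {(role name, origin): in_effect} for one user account.

    assignments: list of (Role, origin); origin is "direct", "indirect",
    "request" or "group". Assumption: only non-group assignments take part
    in exclusion, and an excluded role is switched off even if the role
    excluding it is itself switched off by a third role.
    """
    assigned = {role for role, origin in assignments if origin != "group"}
    result = {}
    for role, origin in assignments:
        excluded = group_exclusion_enabled and origin != "group" and any(
            winner in assigned and loser == role for winner, loser in exclusions
        )
        result[(role.name, origin)] = not excluded  # models XIsInEffect
    return result


# Constructed sample data: three roles in one site collection.
ROLE_A = Role("Role A", "sc-example")
ROLE_B = Role("Role B", "sc-example")
ROLE_C = Role("Role C", "sc-example")
EXCLUSIONS = [(ROLE_B, ROLE_A), (ROLE_C, ROLE_B)]  # (effective, excluded)

if __name__ == "__main__":
    print(validate_exclusions(EXCLUSIONS))
    user = [(ROLE_A, "direct"), (ROLE_B, "request"), (ROLE_A, "group")]
    for key, in_effect in effective_assignments(user, EXCLUSIONS).items():
        print(key, "XIsInEffect =", int(in_effect))
```
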

Deleting SharePoint Roles and Permission Levels

You cannot delete SharePoint roles in the Manager. They are deleted by the DBQueue Processor when the associated permission level is deleted.

To delete a permission level

  1. Select the category SharePoint | Permission levels.
  2. Select the permission level in the result list.
  3. Click to delete the permission level.
  4. Confirm the security prompt with Yes.

If deferred deletion is configured, the permission level is marked for deletion and finally deleted after the deferred deletion period has expired. During this period, the permission level can be restored. Permission levels with deferred deletion of 0 days are deleted immediately.

To restore a permission level

  1. Select the category SharePoint | Permission levels.
  2. Select the permission level marked for deletion in the result list.
  3. Click in the result list toolbar.
Related Topics
  • One Identity Manager Configuration Guide