To enable a quick response to special requests, you can assign entitlements directly to a user account.
To assign entitlements directly to a user account
Select the category SharePoint Online | User accounts.
Select the user account in the result list.
Select one of the following tasks.
Assign groups
Assign SharePoint Online roles
Assign the entitlements in the Add assignments area.
- OR -
Remove the entitlements in the Remove assignments area.
In order for SharePoint Online user groups to obtain permissions for individual websites, assign SharePoint Online roles to the groups. SharePoint Online roles and groups must belong to the same site collection.
|
NOTE: SharePoint Online Roles that reference permission levels with the Hidden option enabled cannot be assigned to groups. |
To assign SharePoint Online roles to a group
- OR -
In Remove assignments, remove the roles.
In order for SharePoint Online user groups to obtain permissions for individual websites, assign SharePoint Online roles to the groups. SharePoint Online roles and groups must belong to the same site collection.
|
NOTE: SharePoint Online Roles that reference permission levels with the Hidden option enabled cannot be assigned to groups. |
To assign groups to a SharePoint Online role
- OR -
Remove groups from Remove assignments.
Configuration parameter | Effect when set |
---|---|
QER | Structures | Inherite | GroupExclusion |
Preprocessor relevant configuration parameter for controlling effectiveness of group memberships. If the parameter is set, memberships can be reduced on the basis of exclusion definitions. Changes to the parameter require recompiling the database. |
When groups are assigned to user accounts an employee may obtain two or more groups, which are not permitted in this combination. To prevent this, you can declare mutually exclusive groups. To do this, you specify which of the two groups should apply to the user accounts if both are assigned.
It is possible to assign an excluded group directly, indirectly or by IT Shop request at any time. One Identity Manager determines whether the assignment is effective.
|
NOTE:
|
The effectiveness of the assignments is mapped in the
Clara Harris has a user account
By using suitable controls, you want to prevent an employee from
Effective Group |
Excluded Group |
---|---|
Group A |
|
Group B |
Group A |
Group C |
Group B |
Employee |
Member in Role |
Effective Group |
---|---|---|
Ben King |
Marketing |
Group A |
Jan Bloggs |
Marketing, finance |
Group B |
Clara Harris |
Marketing, finance, control group |
Group C |
Jenny Basset |
Marketing, control group |
Group A, Group C |
Only the group C assignment is in effect for Clara Harris. It is published in the target system. If Clara Harris leaves the business role "control group" at a later date, group B also takes effect.
The groups A and C are in effect for Jenny Basset because the groups are not defined as mutually exclusive. If this should not be allowed, define further exclusion for group C.
Employee |
Member in Role |
Assigned Group |
Excluded Group |
Effective Group |
---|---|---|---|---|
Jenny Basset
|
Marketing |
Group A |
|
Group C
|
Control group |
Group C |
Group B
Group A |
The configuration parameter QER | Structures | Inherite | GroupExclusion is enabled.
Mutually exclusive groups belong to the same site collection.
To exclude a group
In Manager, select SharePoint Online | Groups.
Select Exclude groups.
Assign the groups that are mutually exclusive to the selected group in Add assignments.
- OR -
In Remove assignments, remove the groups that are not longer mutually exclusive.
© 2021 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy