Identity Manager 8.1 - Administration Guide for Connecting to SharePoint Online


General master data for SharePoint Online roles

The following properties are displayed for SharePoint Online roles.

Table 34: General master data for a SharePoint Online role
Property | Description
Display name | SharePoint Online role display name.
Permission level | Unique identifier for the permission level on which the SharePoint Online role is based.
Site | Unique identifier for the site that inherits its permissions from the SharePoint Online role.
Service item | Service item data for requesting the role through the IT Shop.
Category | Categories for role inheritance. User accounts can inherit roles selectively. To do this, roles and user accounts are divided into categories. Select one or more categories from the menu.
Description | Spare text box for additional explanation.
IT Shop | Specifies whether the SharePoint Online role can be requested through the IT Shop. This SharePoint Online role can be requested by staff through the Web Portal and granted through a defined approval procedure. The SharePoint Online role can still be assigned directly to employees and hierarchical roles.
Only for use in IT Shop | Specifies whether the SharePoint Online role can only be requested through the IT Shop. This SharePoint Online role can be requested by staff through the Web Portal and granted through a defined approval procedure. The SharePoint Online role may not be assigned directly to hierarchical roles.

Note: If the SharePoint Online role references a permission level for which the Hidden option is set, the options IT Shop and Only for use in IT Shop cannot be set. You cannot assign these SharePoint Online roles to user accounts or groups.

Additional tasks for managing SharePoint Online roles

After you have entered the master data, you can apply different tasks to it. The task view contains different forms with which you can run the following tasks.

Task | Topic
Overview of SharePoint Online Groups | Overview of SharePoint Online roles
Assign user accounts | Assigning SharePoint Online user accounts directly to an entitlement
Assign group | Assigning SharePoint Online groups to SharePoint Online roles
Assign system roles | Include SharePoint Online entitlements in system roles
Assign business roles | Assigning SharePoint Online permissions to business roles
Assign organizations | Assigning SharePoint Online permissions to departments, cost centers, and locations
SharePoint Online Exclude roles | Effectiveness of SharePoint Online roles
Assigning extended properties | Assigning extended properties to a SharePoint Online group
Synchronize object | Synchronizing single objects

Overview of SharePoint Online roles

To obtain an overview of a role

  1. In the Manager, select SharePoint Online | Roles.

  2. Select the role in the result list.

  3. Select SharePoint Online role overview.

Effectiveness of SharePoint Online roles

The behavior described under Effectiveness of SharePoint Online entitlement assignments can also be used for SharePoint Online roles.

The effect of the assignments is mapped in the tables O3SUserHasO3SRLAssign and BaseTreeHasO3SRLAssign through the XIsInEffect column.

Prerequisites
  • The configuration parameter QER | Structures | Inherite | GroupExclusion is enabled.
  • Mutually exclusive SharePoint Online roles belong to the same site collection.

To exclude SharePoint Online roles

  1. In the Manager, select the category SharePoint Online | Roles.
  2. Select the role in the result list.
  3. In the task view, select Exclude SharePoint Online roles.
  4. Assign the roles that are mutually exclusive to the selected role in Add assignments.

    - OR -

    In the Remove assignments view, remove the roles that no longer exclude each other.

  5. Save the changes.