
Identity Manager 9.2 - Administration Guide for Connecting to SharePoint


Displaying the SharePoint permission level overview

To obtain an overview of a permission level

  1. Select the SharePoint > Permission levels category.
  2. Select the permission level in the result list.
  3. Select the SharePoint permission level overview task.

Assigning permissions

You can assign One Identity Manager permission levels in SharePoint. Only valid permissions for web applications can be assigned. User accounts obtain these site permissions through a SharePoint internal inheritance procedure.

Permissions may depend on other permissions. SharePoint assigns these dependent permissions automatically. For example, the permissions "view pages", "browse user information", and "open" are always passed down with the permission "create groups".

NOTE: Dependent permissions cannot be automatically assigned in One Identity Manager.

To assign permissions to permission levels

  1. Select the SharePoint > Permission levels category.
  2. Select the permission level in the result list.
  3. Select the Assign permission task.
  4. In the Add assignments pane, assign permissions.

    - OR -

    In the Remove assignments pane, remove permissions.

  5. Save the changes.

Special synchronization cases for valid permissions

If you remove permissions from the list of valid permissions for a web application in SharePoint, these permissions can no longer be assigned to permission levels within the web application. During synchronization, the permissions are deleted from the SPSWebAppHasPermission table. Existing assignments of these permissions to permission levels are not changed: they remain intact but are not active. Inactive permissions are displayed in the permission level's overview.

Entering main data of SharePoint roles

Table 34: Configuration parameters for setting up SharePoint roles

| Configuration parameter | Meaning |
|---|---|
| QER \| CalculateRiskIndex | Preprocessor-relevant configuration parameter controlling system components for calculating the risk index. Changes to the parameter require recompiling the database. If the parameter is enabled, values for the risk index can be entered and calculated. |

To edit SharePoint role main data

  1. Select the SharePoint > Roles category.
  2. Select the SharePoint role in the result list. Select the Change main data task.
  3. Enter the required data on the main data form.
  4. Save the changes.

The following properties are displayed for SharePoint roles.

Table 35: SharePoint role properties

| Property | Description |
|---|---|
| Display name | SharePoint role display name. |
| Permission level | Unique identifier for the permission level on which the SharePoint role is based. |
| Site | Unique identifier for the site that inherits its permissions from the SharePoint role. |
| Risk index | Value for evaluating the risk of assigning the SharePoint role to user accounts. Enter a value between 0 and 1. The field is only visible if the “QER \| CalculateRiskIndex” configuration parameter is set. |
| Description | Text field for additional explanation. |
| Service item | Service item data for requesting the group through the IT Shop. |
| IT Shop | Specifies whether the SharePoint role can be requested through the IT Shop. This SharePoint role can be requested by staff through the Web Portal and granted through a defined approval procedure. The SharePoint role can still be assigned directly to user accounts and hierarchical roles. |
| Only for use in IT Shop | Specifies whether the SharePoint role can only be requested through the IT Shop. This SharePoint role can be requested by staff through the Web Portal and granted through a defined approval procedure. The SharePoint role may not be assigned directly to hierarchical roles. |

NOTE: If the SharePoint role references a permission level for which the Hidden option is set, the options IT Shop and Only for use in IT Shop cannot be set. You cannot assign these SharePoint roles to user accounts or groups.