Skip to content

User Level Descriptions

The following capabilities are default capabilities with Data Access Security. You can create custom capabilities to fit your needs.

Warning

The system capabilities described below should not be removed or modified.

Auditor

The auditor capability is designed for users who perform internal audits and assist in external audits of user access information within the organization.

The auditor rights include:

An auditor capability is assigned Full Scope by default. This allows users with this capability to see and run reports on all resources. However, it does not allow auditor users to take actions on resources that have not been assigned to them. See Scope within the Configuring Data Access Security section of the Administrator help.

Data Owner

This is a capability automatically associated with anyone assigned as an owner of any business resource. Users who are assigned this role are the data owners of all resources in their scope.

The data owner rights include:

  • Seeing and managing user access information for business resources in their scope.

Compliance Manager

The compliance manager rights include:

The compliance manager capability is assigned Full Scope by default. This allows users in this capability to see and run reports on all resources. However, it does not allow the compliance manager users actions that require specific resources to be assigned to them. See Scope within the Configuring Data Access Security section of the Administrator help.

Administrator

The administrator has all rights in Data Access Security enabled, except for Reviewer.

The administrator rights include:

  • View the administrator dashboard and statistics.
  • See and manage user access information for all business resources.
  • Configure settings for Data Access Security.
  • Access rights granted to anyone with Administrator capability.
  • The Report Templates Administrator right.

The administrator capability is assigned Full Scope by default. This allows users in this capability to see and run reports on all resources. However, it does not allow the administrator users actions that require specific resources to be assigned to them. See Scope within the Configuring Data Access Security section of the Administrator help.

For a full description of the rights set per capability, see the web_permission table in the Data Access Security database.

The capabilities in your system can be modified and new capabilities added by the administrators and implementation teams.

Documentation Feedback

Feedback is provided as an informational resource only and does not form part of SailPoint’s official product documentation. SailPoint does not warrant or make any guarantees about the feedback (including without limitation as to its accuracy, relevance, or reliability). All feedback is subject to the terms set forth at https://developer.sailpoint.com/discuss/tos.