User Rights Tab

The View Identity > User Rights tab enables you to set the capabilities and define controlled scope for the user. See Rights and Capabilities for Identities.

Capabilities determine which features in IdentityIQ the user can access. A complete list of IdentityIQ default capabilities and their associated features is available on Compass in the IdentityIQ Rights and Capabilities - Definitions document.

Note: The scope feature MUST be enabled for the scope information to display.

Field Name	Description
User Capabilities	The SailPoint capabilities available. The capabilities currently assigned to the user are highlighted on the list. Use the Ctrl and Shift keys to select multiple capabilities.
Assigned Scope	The scope the identity belongs to.
Can Access Assigned Scope	Select this option to manage whether the identity can access the scope to which they are assigned. True – the user can access objects within the scope to which they are assigned. False – the user cannot access objects within the scope to which they are assigned. Use System Default (<value>) – the user's access is based on the value of the setting defined in the Global Settings for IdentityIQ.
Authorized Scopes	The scopes the user has access to. If scopes are active, identities can only see objects that are within the scopes they have access to. Assign scopes to the identity using the field at the top of the Authorized Scopes list box. Select the arrow to the right of the field to display a list of all scopes defined. Enter a few letters in the field to display a list of all scopes that start with that letter string. Depending on configuration, objects with no scope assigned might be visible to all users with the correct capabilities.
Workgroups	The workgroups to which this identity belongs
Indirect Rights > Capabilities Assigned by Workgroups	IdentityIQ capabilities assigned to a workgroup to which this user belongs. Workgroup members automatically have the capabilities and scopes assigned to the workgroup.

Note: the System Administrator has access to all IdentityIQ features including Global Settings and Debug.


	You are here: