Custom User Level Matrices
Custom user levels provide least-privileged access that is unique to your specific tenant. They may be built from various access permissions, identity permissions, and connections permissions, as detailed below.
Access Permissions
The following permissions are related to access.
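
| | | Access Profiles Read Only | Access Profiles Management | Roles Read Only | Roles Management | Entitlements Read Only | Entitlements Management |
|---|---|---|---|---|---|---|---|
| Access Profiles | View | ✓ | ✓ | | | | |
| | Create | | ✓ | | | | |
| | Manage | | ✓ | | | | |
| | Delete | | ✓ | | | | |
| Roles | View | | | ✓ | ✓ | | |
| | Create | | | | ✓ | | |
| | Manage | | | | ✓ | | |
| | Delete | | | | ✓ | | |
| Entitlements | View | | | | | ✓ | ✓ |
| | Create | | | | | | ✓ |
| | Manage | | | | | | ✓ |
| | Delete | | | | | | ✓ |
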
Identity Permissions
The following are identity read-only permissions.

| | Identity Read Only | Identity Details | Identity Events | Identity Accounts | Identity Access | Work Reassignment |
|---|---|---|---|---|---|---|
| View Identity Details | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| View Identity Events | ✓ | | ✓ | | | |
| View Identity Accounts | ✓ | | | ✓ | | |
| View Identity Access | ✓ | | | | ✓ | |
| View Work Reassignment | ✓ | | | | | ✓ |

The following are identity management permissions.
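
| | | Identity Management | Identity Accounts Management | Revoke Identity Access | Enable Identity | Delete Identity | Invite Identity | Export Identity List | Export Identity Events | Set Lifecycle State | Add and Delete Work Reassignment | Process Identity | Reset Identity | Set User Levels | Reset MFA | Disable Identity | Synchronize Attributes | Reset Password |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| | View Identities | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| | Manage Identities | ✓ | | | | | | | | | | | | | | | | |
| | Delete Identities | ✓ | | | | ✓ | | | | | | | | | | | | |
| Account Attributes and Objects for Identity Accounts | View | ✓ | ✓ | | | | | | | | | | | | | | | |
| | Manage | ✓ | ✓ | | | | | | | | | | | | | | | |
| | Remove | ✓ | ✓ | | | | | | | | | | | | | | | |
| Access to Entitlements, Roles, and Access Profiles | Revoke | ✓ | | ✓ | | | | | | | | | | | | | | |
| Identity Functions (with Read Only for Identities) | Enable Identities | ✓ | | | ✓ | | | | | | | | | | | | | |
| | Invite Identities | ✓ | | | | | ✓ | | | | | | | | | | | |
| | Export Identity List | ✓ | | | | | | ✓ | | | | | | | | | | |
| | Export System Activity Events | ✓ | | | | | | | ✓ | | | | | | | | | |
| | Change a Lifecycle State | ✓ | | | | | | | | ✓ | | | | | | | | |
| | Add and Delete Work Reassignment | ✓ | | | | | | | | | ✓ | | | | | | | |
| | Process Identity | ✓ | | | | | | | | | | ✓ | | | | | | |
| | Reset Identity | ✓ | | | | | | | | | | | ✓ | | | | | |
| | Reset Password | ✓ | | | | | | | | | | | | | | | | ✓ |
| | Reset MFA | ✓ | | | | | | | | | | | | | ✓ | | | |
| | Set User Levels | ✓ | | | | | | | | | | | | ✓ | | | | |
| | Synchronize Attributes | ✓ | | | | | | | | | | | | | | | ✓ | |
| | Disable Identity | ✓ | | | | | | | | | | | | | | ✓ | | |
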
The following are additional identity permissions.

| | | Identity Access History Read Only | Human and Uncorrelated Accounts Read Only | Human and Uncorrelated Accounts Management |
|---|---|---|---|---|
| Access History Page | View | ✓ | | |
| Human and Uncorrelated Accounts | View | | ✓ | ✓ |
| | Manage | | | ✓ |
| | Remove | | | ✓ |

Connections Permissions
The following permissions are related to connections.

| | | VA Read Only | VA Management |
|---|---|---|---|
| Virtual Appliances | View | ✓ | ✓ |
| | Create | | ✓ |
| | Manage | | ✓ |
| | Delete | | ✓ |