Custom User Levels
Limited Availability
This page describes a Limited Availability feature.
Admins can create named user levels and customize what rights those user levels grant. Custom user levels provide least-privilege access, an essential part of good identity governance. Your newly created custom user levels are unique to your specific tenant.
While you can’t edit the default user levels provided by SailPoint, admins can edit the permissions in your custom user levels.
As is the case with SailPoint’s standard user levels, users will have the combined access of all user levels assigned to them.
Adding a Custom User Level
You can add a new custom user level to your tenant.
- Go to Admin > Global > User Levels.
- Select New User Level.
- Enter a name, description, and owner for your new user level.
- Select Save Draft.
- On the left navigation, select Permissions > Access.
- Select Select Permissions.
- Use the checkboxes to select access permissions to add to the custom user level.
- Select Add.
- Permissions are listed on the Access page.
- On the left navigation, select Permissions > Identity.
- Select Select Permissions.
- Use the checkboxes to select identity permissions to add to the custom user level.
- Permissions are listed on the Identity page.
- On the left navigation, select Review.
- Review your custom user level, then select Save Draft to save an inactive draft or Apply Changes to save and apply, making your user level active and ready for use.
- In the Apply Changes confirmation, select Cancel or Apply Changes.
- Select X to close the details page.
- The new user level appears on the User Levels page.
On the User Levels page, the Status column shows whether a custom user level is active and available to be assigned to users, or a draft, which cannot be assigned to users.
Managing Custom User Levels
Once you have added custom user levels to your tenant, you can edit details, add permissions, or remove permissions from them. Set user level permissions for users and remove them the same way you do for default user levels.
Editing User Level Details
You can make changes to custom user levels in your tenant.
- Go to Admin > Global > User Levels.
- Select the name of the user level you want to edit.
- On the User Level page, make any changes you want to the name, owner, or description.
- Select Save Draft on this page or on the Review page. If the user level is active, go to the Review page and select Apply Changes. A success message lets you know that the update was successful.
- Select X to close the page.
Adding User Level Permissions
You can add permissions to existing custom user levels.
- Go to Admin > Global > User Levels.
- Select the name of the user level you want to edit.
- On the left navigation, select Permissions > Access or Permissions > Identity.
- Select Select Permissions.
- Use the checkboxes to select permissions to add to the custom user level.
- Select Add.
- Review the updated permissions on the Access or Identity page.
- On the left navigation, select Review.
- Review your custom user level, then select Save Draft to save an inactive draft or Apply Changes to save and apply, making your user level active and ready for use.
- In the Apply Changes confirmation, select Cancel or Apply Changes.
- Select X to close the details page.
- The new user level appears on the User Levels page.
Removing User Level Permissions
You can remove permissions from existing custom user levels.
- Go to Admin > Global > User Levels.
- Select the name of the user level you want to edit.
- On the left navigation, select Permissions > Access or Permissions > Identity.
- Find the permission you want to remove and select Remove on the right side of the card.
- On the left navigation, select Review.
- Review your custom user level, then select Save Draft to save an inactive draft or Apply Changes to save and apply, making your user level active and ready for use.
- In the Apply Changes confirmation, select Cancel or Apply Changes.
- Select X to close the details page.
Deleting Custom User Levels
You can only delete custom user levels, not those that are provided by default. Before you can delete a custom user level, you must first remove all identity assignments to that user level. You can unassign identities from either the Identity List or the User Level UI.
From the Identity List:
- Go to Admin > Identity > Identity List.
- Find identities and select Actions > Set User Levels.
- Toggle the custom user level that you want to delete to Off.
- Select Save.
- A success message confirms that the update was successful.
From the User Level UI:
- Go to Admin > Global > User Levels.
- Find and select the user level you want to delete.
- From the left navigation, select Identities.
- Select Unassign.
- A success message confirms that the update was successful.
It takes a few minutes for these changes to go into effect. Once the identities are removed and the user level is empty, you can delete the user level itself. If any identities are still assigned to the user level, an error message will let you know that it cannot be deleted because it is currently in use.
- Go to Admin > Global > User Levels.
- Find the user level you want to delete. In the Actions column, select Delete.
- A success message confirms that the user level was deleted and the entry is removed from the User Levels page.