Skip to content

User Levels

User levels are sets of permissions within Identity Security Cloud that administrators can grant to users. Generally, users cannot grant themselves user level permissions - only Admins can grant or remove user levels. If you configure your tenant to enable non-Org Admins to manage Identity Security Cloud user level entitlements, Role Admins and Source Admins are also able to elevate privileges.

If you grant someone a user level, it will appear in certifications as an entitlement that the reviewer can grant or revoke. For information on how to grant and remove user levels, refer to Setting User Level Permissions.

Users can be granted multiple user levels and will have the combined access of all levels assigned to them.

To view the user levels and associated privileges in a table format, refer to the User Level Access Matrix. Refer to User Level Permissions for additional information.

Enabling Non-Org Admins to Manage User Level Entitlements

Role Admins and Source Admins are highly privileged users that can globally enable or disable user level entitlements in Identity Security Cloud, if you enable them to do so. They can also view user level entitlements in the UI and APIs. By default, this feature is not enabled.

To enable non-Org Admins to manage user level entitlements:

  1. Go to Admin > Global > System Settings.
  2. Select System Features on the left navigation.
  3. Select the checkbox to Enable Non-Org Admins to Manage ISC User-Level Entitlements.
  4. Select Save.

Caution

Additional risk is introduced when you extend user level entitlement management to additional admin levels. Be sure to weigh your organization's needs against the associated risks before enabling this feature.

Documentation Feedback

Feedback is provided as an informational resource only and does not form part of SailPoint’s official product documentation. SailPoint does not warrant or make any guarantees about the feedback (including without limitation as to its accuracy, relevance, or reliability). All feedback is subject to the terms set forth at https://developer.sailpoint.com/discuss/tos.