User Level Access Matrix
User levels are sets of permissions within IdentityNow that administrators can grant to users. The following table shows the IdentityNow pages and components that are accessible from each user level. For information on how to grant and remove user levels, refer to Setting User Level Permissions.
Note
Multiple user levels can be granted to a user. The user's access is cumulative across all granted user levels.
IdentityNow and AI Services
| Admin | Cert Admin |
Helpdesk | Report Admin |
Role Admin/ Sub‑admin* |
Source Admin/ Sub‑admin* |
Cloud Gov Admin/ Cloud Gov User |
End User |
|
| Technical Name | ORG_ADMIN | CERT_ADMIN | HELPDESK | REPORT_ADMIN | ROLE_ADMIN ROLE_SUBADMIN | SOURCE_ADMIN SOURCE_SUBADMIN | CLOUD_GOV_ADMIN CLOUD_GOV_USER | |
| Details | Details | Details | Details | Details | Details | |||
| Admin | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ||
| Dashboard | ✓ | ✓ | ✓ | ✓ | ||||
| Overview | ✓ | ✓ | ✓ | ✓ | ||||
| System Activity | ✓ | ✓ | ✓ | ✓ | ||||
| Tasks | ✓ | ✓ | ✓ | ✓ | ||||
| Monitor | ✓ | ✓ | ✓ | ✓ | ||||
| Data Explore | ✓ | ✓ | ||||||
| Identities | ✓ | ✓ | ✓ | |||||
| Identity List | ✓ | ✓ ** | ||||||
| Access History | ✓ | ✓ | ||||||
| Identity Profiles | ✓ | |||||||
| Outliers | ✓ | ✓ | ||||||
| Governance Groups | ✓ | |||||||
| Activities | ✓ | |||||||
| Access | ✓ | ✓ | ✓ | |||||
| Access Profiles | ✓ | ✓ * | ||||||
| Roles | ✓ | ✓ * | ||||||
| Role Insights | ✓ | ✓ | ||||||
| Segments | ✓ | |||||||
| Applications | ✓ | |||||||
| Connections | ✓ | |||||||
| Sources | ✓ | ✓ * | ||||||
| Virtual Appliances | ✓ | |||||||
| Integrations | ✓ | |||||||
| Certifications | ✓ | ✓ | ✓ | |||||
| Campaigns | ✓ | ✓ | ✓ | |||||
| Campaign Filters | ✓ | ✓ | ||||||
| Reassign Certifications | ✓ | ✓ | ||||||
| Admin | Cert Admin |
Helpdesk | Report Admin |
Role Admin/ Sub‑admin* |
Source Admin/ Sub‑admin* |
Cloud Gov Admin/ Cloud Gov User |
End User |
|
| Password Mgmt | ✓ | |||||||
| Policies | ✓ | |||||||
| Sync Groups | ✓ | |||||||
| Global | ✓ | ✓ | ✓ | ✓ | ✓ | |||
| Reports | ✓ | ✓ | ✓ | ✓ | ✓ | |||
| System Settings | ✓ | |||||||
| Additional Settings | ✓ | |||||||
| Security Settings | ✓ | |||||||
| Email Templates | ✓ | |||||||
| Event Triggers | ✓ | |||||||
| Workflows | ✓ | |||||||
| Search | ✓ | ✓ | ✓ | ✓ | ✓ | |||
| Saved Search Queries | ✓ | ✓ | ✓ | ✓ | ✓ | |||
| Certification Campaigns | ✓ | ✓ | ||||||
| Policies | ✓ | |||||||
| Reports | ✓ | ✓ | ✓ | ✓ | ✓ | |||
| Role Discovery | ✓ | ✓ | ||||||
| Dashboard Home | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Passwords | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Preferences | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Request Center | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Approvals | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Task Manager | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Certifications | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
* Sub-admins can access these pages only if they are members of the governance group for the associated source. Sub-admins have the ability to search all organization data, not just data associated with their governance group.
** Helpdesk Admins cannot manually set identity lifecycle states.
Cloud Governance Services
SailPoint Cloud Governance Services also include user levels to customize access.
Cloud Access Management
IdentityNow Admins can access Cloud Access Management if your organization has purchased and enabled it. IdentityNow Admins can also give other users access to Cloud Access Management by granting them the Cloud Gov User or Cloud Gov Admin user level.
Users with the Cloud Gov User (CLOUD_GOV_USER) user level can do the following:
- View source data and information in Cloud Access Managment
- Access IndentityNow with End User permissions
Users with the Cloud Gov Admin (CLOUD_GOV_ADMIN) user level can do the following:
- Access Cloud Access Managment
- Manage the sources page and add, edit, or delete cloud sources
- Perform manual inventory refreshes
- Access IndentityNow with End User permissions
SaaS Management
If your organization has purchased and enabled SailPoint SaaS Management, you can invite dashboard users to the application and assign them the Admin or Reader user level within SaaS Management.