Skip to content

User Level Access Matrix

The following table shows the Identity Security Cloud pages and components that are accessible from the most common user levels. Refer to User Level Permissions for more information about each level.

For information about Data Access Security User Levels and Configuration Hub User Levels, follow the links at the bottom of this page.

Note

Multiple user levels can be granted to a user; however, the following cannot be assigned at the same time:

  • Role Admin and Source Sub-Admin
  • Role Sub-Admin and Source Admin
  • Role Sub-Admin and Role Admin
  • Source-Sub Admin and Source Admin
  • Source Admin and Source Configuration Assignee

The user's access is cumulative across all granted user levels.

  Admin Cert Admin Helpdesk Admin Report Admin Role Admin Sub-Admin Source Admin Sub-Admin Source Configuration Assignee Cloud Gov Admin/User Identity Graph Admin End User
Technical Name ORG_ADMIN CERT_ADMIN HELPDESK REPORT_ADMIN ROLE_ADMIN ROLE_SUBADMIN SOURCE_ADMIN SOURCE_SUBADMIN SOURCE_CONFIG_ASSIGNEE CLOUD_GOV_ADMIN
CLOUD_GOV_USER
IDENTITY_GRAPH_ADMIN  
    Details Details Details Details Details Details Details Details
Admin      
Dashboard            
Overview            
Access Intelligence Center 2     2            
Aggregation Activity            
Tasks            
Monitor            
Data Explore                
Identity Management              
Identities   3              
Machine Identities              
Accounts       4        
Access History                
Identity Profiles                  
Outliers                
Governance Groups                  
Activities                  
Access Model              
Entitlements         1        
Access Profiles         1        
Roles       1          
Role Insights                
Metadata                  
Segments                  
Applications                  
Connections                
Sources         1        
Virtual Appliances                  
Integrations                  
Multi-Host Sources                  
  Admin Cert Admin Helpdesk Admin Report
Admin
Role Admin
Sub-Admin
Source Admin
Sub-Admin
Source Configuration Assignee Cloud Gov Admin/User Identity Graph Admin End User
Certifications              
Campaigns              
Campaign Filters                
Password Mgmt                  
Policies                  
Sync Groups                  
Global          
Reports          
System Settings                  
Additional Settings                  
GenAI Settings                
Security Settings                  
Email Templates                  
Grant Tenant Access                  
Forms                  
Parameter Storage                  
Event Triggers                  
Workflows                  
Search          
Saved Search Queries          
Certification Campaigns                
Policies                  
Reports          
Role Discovery                
Dashboard Home  
Passwords  
Preferences  
Request Center  
Approvals  
Task Manager  
Certifications  
SailPoint CIEM                
Harbor Pilot                  
Identity Graph                

1 Sub-admins can access these pages only if they are members of the governance group for the associated source. Sub-admins have the ability to search all organization data, not just data associated with their governance group.

2 Access Intelligence Center can be accessed by Admins and Report Admins who have been granted the Author or Reader user level.

3 Helpdesk Admins can process identities but cannot manually set identity lifecycle states.

4 Source Admins can view all accounts. Sub-admins can only view accounts for sources associated with the governance groups they are members of.

Data Access Security User Levels

Refer to the following documentation for information about Data Access Security user levels.

Configuration Hub User Levels

Refer to the following documentation for information about Configuration Hub user levels.

Documentation Feedback

Feedback is provided as an informational resource only and does not form part of SailPoint’s official product documentation. SailPoint does not warrant or make any guarantees about the feedback (including without limitation as to its accuracy, relevance, or reliability). All feedback is subject to the terms set forth at https://developer.sailpoint.com/discuss/tos.