User Level Access Matrix
User levels are sets of permissions within IdentityNow that administrators can grant to users. The following table shows the IdentityNow pages and components that are accessible from each user level. For information on how to grant and remove user levels, read Granting and Removing User Level Permissions.
IdentityNow and AI Services
| Admin | Cert Admin |
Helpdesk | Report Admin |
Role Admin/ Sub‑admin* |
Source Admin/ Sub‑admin* |
End User |
|
| Technical Name | ORG_ADMIN | CERT_ADMIN | HELPDESK | REPORT_ADMIN | ROLE_ADMIN ROLE_SUBADMIN | SOURCE_ADMIN SOURCE_SUBADMIN | |
| Details | Details | Details | Details | Details | |||
| Admin | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Dashboard | ✓ | ✓ | ✓ | ✓ | |||
| Overview | ✓ | ✓ | ✓ | ✓ | |||
| System Activity | ✓ | ✓ | ✓ | ✓ | |||
| Tasks | ✓ | ✓ | ✓ | ✓ | |||
| Monitor | ✓ | ✓ | ✓ | ✓ | |||
| Data Explore | ✓ | ✓ | |||||
| Identities | ✓ | ✓ | ✓ | ||||
| Identity List | ✓ | ✓ | |||||
| Access History | ✓ | ✓ | |||||
| Identity Profiles | ✓ | ||||||
| Governance Groups | ✓ | ||||||
| Activities | ✓ | ||||||
| Access | ✓ | ✓ | ✓ | ||||
| Access Profiles | ✓ | ✓ * | |||||
| Roles | ✓ | ✓ * | |||||
| Role Insights | ✓ | ✓ | |||||
| Segments | ✓ | ||||||
| Applications | ✓ | ||||||
| Connections | ✓ | ||||||
| Sources | ✓ | ✓ * | |||||
| Virtual Appliances | ✓ | ||||||
| Integrations | ✓ | ||||||
| Certifications | ✓ | ✓ | ✓ | ||||
| Campaigns | ✓ | ✓ | ✓ | ||||
| Campaign Filters | ✓ | ✓ | |||||
| Reassign Certifications | ✓ | ✓ | |||||
| Admin | Cert Admin |
Helpdesk | Report Admin |
Role Admin/ Sub‑admin* |
Source Admin/ Sub‑admin* |
End User |
|
| Password Mgmt | ✓ | ||||||
| Policies | ✓ | ||||||
| Sync Groups | ✓ | ||||||
| Global | ✓ | ✓ | ✓ | ✓ | ✓ | ||
| Reports | ✓ | ✓ | ✓ | ✓ | ✓ | ||
| System Settings | ✓ | ||||||
| Additional Settings | ✓ | ||||||
| Security Settings | ✓ | ||||||
| Email Templates | ✓ | ||||||
| Event Triggers | ✓ | ||||||
| Workflows | ✓ | ||||||
| Search | ✓ | ✓ | ✓ | ✓ | ✓ | ||
| Saved Search Queries | ✓ | ✓ | ✓ | ✓ | ✓ | ||
| Certification Campaigns | ✓ | ✓ | |||||
| Policies | ✓ | ||||||
| Reports | ✓ | ✓ | ✓ | ✓ | ✓ | ||
| Role Discovery | ✓ | ✓ | |||||
| Dashboard Home | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Passwords | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Preferences | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Request Center | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Approvals | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Task Manager | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Certifications | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
* Sub-admins can access these pages only if they are members of the governance group for the associated source. Sub-admins have the ability to search all organization data, not just data associated with their governance group.
Cloud Governance Services
SailPoint Cloud Governance Services also include user levels to customize access.
Cloud Access Management
IdentityNow Admins can access Cloud Access Management if your organization has purchased and enabled it. IdentityNow Admins can also give other users access to Cloud Access Management by granting them the following user levels:
- Cloud Gov Admin (CLOUD_GOV_ADMIN)
- Cloud Gov User (CLOUD_GOV_USER)
SaaS Management
If your organization has purchased and enabled SailPoint SaaS Management, you can invite dashboard users to the application and assign them the Admin or Reader user level within SaaS Management.