Skip to content

User Level Access Matrix

User levels are sets of permissions within IdentityNow that administrators can grant to users. The following table shows the IdentityNow pages and components that are accessible from each user level. For information on how to grant and remove user levels, refer to Setting User Level Permissions.

Note

Multiple user levels can be granted to a user. The user's access is cumulative across all granted user levels.

IdentityNow and AI Services

  Admin Cert
Admin
Helpdesk Report
Admin
Role Admin/
Sub‑admin*
Source Admin/
Sub‑admin*
Cloud Gov Admin/
Cloud Gov User
End
User
Technical Name ORG_ADMIN CERT_ADMIN HELPDESK REPORT_ADMIN ROLE_ADMIN ROLE_SUBADMIN SOURCE_ADMIN SOURCE_SUBADMIN CLOUD_GOV_ADMIN CLOUD_GOV_USER  
    Details Details Details Details Details Details  
Admin    
Dashboard        
Overview        
System Activity        
Tasks        
Monitor        
Data Explore            
Identities          
Identity List   ✓ **          
Access History            
Identity Profiles              
Outliers            
Governance Groups              
Activities              
Access          
Access Profiles         ✓ *    
Roles       ✓ *      
Role Insights            
Segments              
Applications              
Connections              
Sources         ✓ *    
Virtual Appliances              
Integrations              
Certifications          
Campaigns          
Campaign Filters            
Reassign Certifications            
  Admin Cert
Admin
Helpdesk Report
Admin
Role Admin/
Sub‑admin*
Source Admin/
Sub‑admin*
Cloud Gov Admin/
Cloud Gov User
End
User
Password Mgmt              
Policies              
Sync Groups              
Global      
Reports      
System Settings              
Additional Settings              
Security Settings              
Email Templates              
Event Triggers              
Workflows            
Search      
Saved Search Queries      
Certification Campaigns            
Policies              
Reports      
Role Discovery            
Dashboard Home
Passwords
Preferences
Request Center
Approvals
Task Manager
Certifications

* Sub-admins can access these pages only if they are members of the governance group for the associated source. Sub-admins have the ability to search all organization data, not just data associated with their governance group.

** Helpdesk Admins cannot manually set identity lifecycle states.

Cloud Governance Services

SailPoint Cloud Governance Services also include user levels to customize access.

Cloud Access Management

IdentityNow Admins can access Cloud Access Management if your organization has purchased and enabled it. IdentityNow Admins can also give other users access to Cloud Access Management by granting them the Cloud Gov User or Cloud Gov Admin user level.

Users with the Cloud Gov User (CLOUD_GOV_USER) user level can do the following:

  • View source data and information in Cloud Access Managment
  • Access IndentityNow with End User permissions

Users with the Cloud Gov Admin (CLOUD_GOV_ADMIN) user level can do the following:

  • Access Cloud Access Managment
    • Manage the sources page and add, edit, or delete cloud sources
    • Perform manual inventory refreshes
  • Access IndentityNow with End User permissions

SaaS Management

If your organization has purchased and enabled SailPoint SaaS Management, you can invite dashboard users to the application and assign them the Admin or Reader user level within SaaS Management.