User Level Access Matrix

The following table shows the Identity Security Cloud pages and components that are accessible from the most common user levels. Refer to User Level Permissions for more information about each level.

For information about Data Access Security User Levels and Configuration Hub User Levels, follow the links at the bottom of this page.

Note

Multiple user levels can be granted to a user; however, the following cannot be assigned at the same time:

Role Admin and Source Sub-Admin
Role Sub-Admin and Source Admin
Role Sub-Admin and Role Admin
Source-Sub Admin and Source Admin
Source Admin and Source Configuration Assignee

The user's access is cumulative across all granted user levels.

	Admin	Cert Admin	Helpdesk Admin	Report Admin	Role Admin Sub-Admin	Source Admin Sub-Admin	Source Configuration Assignee	Cloud Gov Admin/User	Identity Graph Admin	End User
Technical Name	ORG_ADMIN	CERT_ADMIN	HELPDESK	REPORT_ADMIN	ROLE_ADMIN ROLE_SUBADMIN	SOURCE_ADMIN SOURCE_SUBADMIN	SOURCE_CONFIG_ASSIGNEE	CLOUD_GOV_ADMIN CLOUD_GOV_USER	IDENTITY_GRAPH_ADMIN
		Details	Details	Details	Details	Details	Details	Details	Details
Admin	✓	✓	✓	✓	✓	✓	✓
Dashboard	✓			✓	✓	✓
Overview	✓			✓	✓	✓
Access Intelligence Center	✓2			✓2
Aggregation Activity	✓			✓	✓	✓
Tasks	✓			✓	✓	✓
Monitor	✓			✓	✓	✓
Data Explore	✓			✓
Identity Management	✓		✓	✓
Identities	✓		✓3
Machine Identities	✓		✓			✓
Accounts	✓		✓			✓4
Access History	✓			✓
Identity Profiles	✓
Outliers	✓			✓
Governance Groups	✓
Activities	✓
Access Model	✓				✓	✓
Entitlements	✓					✓1
Access Profiles	✓					✓1
Roles	✓				✓1
Role Insights	✓				✓
Metadata	✓
Segments	✓
Applications	✓
Connections	✓						✓
Sources	✓					✓1
Virtual Appliances	✓
Integrations	✓
Multi-Host Sources	✓
	Admin	Cert Admin	Helpdesk Admin	Report Admin	Role Admin Sub-Admin	Source Admin Sub-Admin	Source Configuration Assignee	Cloud Gov Admin/User	Identity Graph Admin	End User
Certifications	✓	✓		✓
Campaigns	✓	✓		✓
Campaign Filters	✓	✓
Password Mgmt	✓
Policies	✓
Sync Groups	✓
Global	✓	✓		✓	✓	✓
Reports	✓	✓		✓	✓	✓
System Settings	✓
Additional Settings	✓
GenAI Settings	✓					✓
Security Settings	✓
Email Templates	✓
Grant Tenant Access	✓
Forms	✓
Parameter Storage	✓
Event Triggers	✓
Workflows	✓
Search	✓	✓		✓	✓	✓
Saved Search Queries	✓	✓		✓	✓	✓
Certification Campaigns	✓	✓
Policies	✓
Reports	✓	✓		✓	✓	✓
Role Discovery	✓				✓
Dashboard Home	✓	✓	✓	✓	✓	✓	✓		✓	✓
Passwords	✓	✓	✓	✓	✓	✓	✓		✓	✓
Preferences	✓	✓	✓	✓	✓	✓	✓		✓	✓
Request Center	✓	✓	✓	✓	✓	✓	✓		✓	✓
Approvals	✓	✓	✓	✓	✓	✓	✓		✓	✓
Task Manager	✓	✓	✓	✓	✓	✓	✓		✓	✓
Certifications	✓	✓	✓	✓	✓	✓	✓		✓	✓
SailPoint CIEM	✓						✓
Harbor Pilot	✓
Identity Graph	✓								✓

¹ Sub-admins can access these pages only if they are members of the governance group for the associated source. Sub-admins have the ability to search all organization data, not just data associated with their governance group.

² Access Intelligence Center can be accessed by Admins and Report Admins who have been granted the Author or Reader user level.

³ Helpdesk Admins can process identities but cannot manually set identity lifecycle states.

⁴ Source Admins can view all accounts. Sub-admins can only view accounts for sources associated with the governance groups they are members of.

Data Access Security User Levels

Refer to the following documentation for information about Data Access Security user levels.

Configuration Hub User Levels

Refer to the following documentation for information about Configuration Hub user levels.

Documentation Feedback

Feedback is provided as an informational resource only and does not form part of SailPoint’s official product documentation. SailPoint does not warrant or make any guarantees about the feedback (including without limitation as to its accuracy, relevance, or reliability). All feedback is subject to the terms set forth at https://developer.sailpoint.com/discuss/tos.