Skip to content

User Level Access Matrix

The following table shows the Identity Security Cloud pages and components that are accessible from the most common user levels. Refer to User Level Permissions for more information about each level.

For information about Data Access Security User Levels and Configuration Hub User Levels, follow the links at the bottom of this page.

Note

Multiple user levels can be granted to a user; however, the following cannot be assigned at the same time:

  • Role Admin and Source Sub-Admin
  • Role Sub-Admin and Source Admin
  • Role Sub-Admin and Role Admin
  • Source-Sub Admin and Source Admin
  • Source Admin and Source Configuration Assignee

The user's access is cumulative across all granted user levels.

  Admin Cert Admin Helpdesk Admin Report Admin Role Admin Sub-Admin Source Admin Sub-Admin Source Configuration Assignee Cloud Gov Admin/User End User
Technical Name ORG_ADMIN CERT_ADMIN HELPDESK REPORT_ADMIN ROLE_ADMIN ROLE_SUBADMIN SOURCE_ADMIN SOURCE_SUBADMIN SOURCE_CONFIG_ASSIGNEE CLOUD_GOV_ADMIN
CLOUD_GOV_USER
 
    Details Details Details Details Details Details Details
Admin    
Dashboard          
Overview          
Access Intelligence Center 2     2          
Aggregation Activity          
Tasks          
Monitor          
Data Explore              
Identity Management            
Identities   3            
Machine Identities            
Accounts       4      
Access History              
Identity Profiles                
Outliers              
Governance Groups                
Activities                
Access Model            
Entitlements         1      
Access Profiles         1      
Roles       1        
Role Insights              
Metadata                
Segments                
Applications                
Connections              
Sources         1      
Virtual Appliances                
Integrations                
Multi-Host Sources                
  Admin Cert Admin Helpdesk Admin Report
Admin
Role Admin
Sub-Admin
Source Admin
Sub-Admin
Source Configuration Assignee Cloud Gov Admin/User End User
Certifications            
Campaigns            
Campaign Filters              
Password Mgmt                
Policies                
Sync Groups                
Global        
Reports        
System Settings                
Additional Settings                
GenAI Settings            
Security Settings                
Email Templates                
Grant Tenant Access              
Forms              
Parameter Storage              
Event Triggers                
Workflows                
Search        
Saved Search Queries        
Certification Campaigns              
Policies                
Reports        
Role Discovery              
Dashboard Home
Passwords
Preferences
Request Center
Approvals
Task Manager
Certifications
SailPoint CIEM                
Harbor Pilot                

1 Sub-admins can access these pages only if they are members of the governance group for the associated source. Sub-admins have the ability to search all organization data, not just data associated with their governance group.

2 Access Intelligence Center can be accessed by Admins and Report Admins who have been granted the Author or Reader user level.

3 Helpdesk Admins can process identities but cannot manually set identity lifecycle states.

4 Source Admins can view all accounts. Sub-admins can only view accounts for sources associated with the governance groups they are members of.

Data Access Security User Levels

Refer to the following documentation for information about Data Access Security user levels.

Configuration Hub User Levels

Refer to the following documentation for information about Configuration Hub user levels.

Documentation Feedback

Feedback is provided as an informational resource only and does not form part of SailPoint’s official product documentation. SailPoint does not warrant or make any guarantees about the feedback (including without limitation as to its accuracy, relevance, or reliability). All feedback is subject to the terms set forth at https://developer.sailpoint.com/discuss/tos.