In the first option, it’s clear that tasks must be “assigned to them” for users to perform them. This makes sense for both regular users and those with specific responsibilities.
However, in the second option, there’s no mention of tasks being assigned. If we think from the perspective of a simple end user, how would they be able to do an access review if it’s not explicitly assigned to them? Access reviews are typically meant for managers or reviewers, right?
You’re correct in your understanding, and your confusion is understandable given the wording of the options. Let’s break down each option:
They can do any work assigned to them.
Explanation: This is accurate. In SailPoint IdentityNow, users can perform tasks that are explicitly assigned to them, such as completing a certification (access review) or fulfilling a request.
They can do an access review.
Explanation: This option is also valid, but with the crucial context that the access review must be assigned to them. In IdentityNow, access reviews (also known as certifications) are typically assigned to managers, application owners, or designated reviewers. Regular users can perform an access review only if they have been assigned one.
They can see the status of all users.
Explanation: This is generally not available to regular users. Viewing the status of all users is typically a capability reserved for administrators or users with specific permissions.
Addressing Your Confusion:
Access Reviews and Assignments: In IdentityNow, access reviews are indeed usually assigned to specific individuals responsible for certifying access—such as managers or designated reviewers. Regular end users would not have the ability to perform access reviews unless they have been assigned that task.
Implication of the Options: While option 2 doesn’t explicitly mention “assigned to them,” it is implied within the context of the platform’s functionality. Access reviews can’t be performed arbitrarily; they must be part of an assigned task.
I would suggest you to not to over think, which will give you confusions. Consider yourself like a beginner and doesn’t have much knowledge. Then you don’t get much confusions, that’s what I do in SailPoint certifications
Question referring to users (User level)
They can do any work assign to them, irrespective of your permission level, you are allowed to do all the works assigned to you.
They can do access review, yes users can do an access review, you don’t need additional permission/level to review an access, you just need to be manager/owner which is not a user level again.
They can see the status of all users, only org admins can see that.
I’ll definitely keep that beginner’s mindset in mind to avoid overthinking.