Custom SailPoint Roles

Is there an ability to create custom SailPoint permissions for users?

The current built-in user permissions for SailPoint do not have a Read Only level of access and we would like the ability to customize these roles for first level resolution and auditing purposes.

For example, we would like the helpdesk to be able to have read-only rights to view entitlements listed within the person's identity under accounts. There is currently no way to modify the “Helpdesk Admin” role.

Another example is our auditors would like to validate information for roles and access profiles but “Role Admin” also grants write privileges.

These roles seem very limited in what they can do and we are stuck granting users multiple roles to serve one purpose, e.g. “Helpdesk, Cert Admin, etc.” The roles currently grant read AND write access to data and we are unable to restrict users from making changes.

Is there some way to create custom user permissions or customize the built-in user permissions within SailPoint?


Nothing at this time. A read-only capability is planned: Idea: New Admin Role - Read-Only Admin | SailPoint Ideas Portal. You could generate PATs with more specific access - but this probably wouldn’t meet your requirements.

Additional items in this space are in various parts of the roadmap or discovery to hopefully improve these capabilities:


I am very much looking forward to SailPoint rolling out a read-only admin as well as finer-grained admin access.
