We are excited to announce that Custom User Levels has now been extended to Governance Groups. This enhancement to Custom User Levels now allows administrators to extend permissions to Governance Groups, to include Governance Group Membership Management, Governance Group Read Only, and Governance Group Management.
This is awesome and something some of our user groups had been asking for. I will just give another plug that I think SailPoint needs to re-evaluate what is considered “elevated” access and requires users to register an MFA device (even for users who only log in via SSO). Currently anything that gives any access to the “admin” menu triggers that. In my opinion, read only access to things like entitlements, governance groups, etc. that are granted by Custom User Levels should not flag as elevated access and require users to register a throwaway TOTP MFA device.
Much awaited and definitely a much-needed enhancement. It would be great if this capability could also be extended to Applications in the future for more granular governance and delegation use cases.
Thank you for opening a ticket @danielbock, I don’t see it in sandbox either. I see a Filter option for Governance Groups, but that’s all.
@JKistler do you know if there are plans to extend these Custom User Levels to provide a read-only view of sources and source configurations? This is one of the biggest elements standing in the way of creating a true read-only admin.
Looks like the issue has been resolved and these new Custom User Levels should now be appearing in your Sandbox environments. I apologize for the delay.