Skip to main content
Skip table of contents

Delegate with sapio365 RBAC

Overview

sapio365 has a built-in role-based access control system where the ability to access or modify anything in sapio365 is represented by individual permissions.

Controlled granularity

Create custom roles by selecting only the permissions you need. The actions that you’ve chosen for the role can then be further limited to a specific scope (set of users, groups, and SharePoint Online sites).

The roles you create, the scopes and role assignments, also known as the sapio365 RBAC configuration, are stored in a local encrypted database on your machine.

Collaboration and sapio365 RBAC

Leverage sapio365 collaboration to roll out sapio365 RBAC to individual workstations.

Ex. When you connect YOUR Azure Cosmos DB account or your Microsoft SQL server to your sapio365 license, the local database synchronizes with the database on the chosen platform.

This allows delegated users to retrieve and take on assigned roles when they sign in to sapio365 on their own computers.

VIEW Use Case & Video

Set up sapio365 RBAC

  1. Set collaboration connection to your Cosmos DB or your MS SQL server (optional)

  2. Add tenant and on-prem Active Directory credentials

  3. Define custom roles

  4. Add a scope of action

  5. Assign users or groups

Manage sapio365 RBAC

  1. Manage RBAC access

  2. Audit User Activity Logs

  3. Review Comment History

How to use a sapio365 RBAC role

If you have been assigned roles in sapio365's RBAC to give you specific access to tenants, sign into sapio365 using a Standard session, and you will see a list of roles available to you.

Click here to learn more about how to use sapio365 RBAC roles.

FAQs

How do sapio365 RBAC roles I create affect Microsoft 365 access?

They don’t. sapio365 RBAC roles are not connected to your Microsoft 365 tenant Entra ID.

sapio365 RBAC roles are only available when using sapio365 to access or modify data in the tenant.

Can I create a sapio365 role to manage another tenant?

Yes! You can create roles for specific tenants and delegate them to your team. Each role is based on a set of credentials you configure.

Clone sapio365 RBAC roles

If you need to create the same role to manage several tenants, you can clone an existing role and switch credentials.

Can I set up sapio365 RBAC roles without enabling Collaboration?

Yes you can configure sapio365 RBAC roles to test them yourself before connecting to a collaboration platform. Once you enable collaboration, the RBAC configuration, User Activity Logs, shared views, comments and jobs will be synced to the collaboration platform you set up.

You must have Collaboration enabled to delegate sapio365 to other people.

How are actions by sapio365 RBAC role delegates perceived by Microsoft 365?

All changes made by sapio365 RBAC role delegates are done on behalf of the set of credentials set for that role. Depending on the activity, actions are logged in Microsoft 365 as the service account or the registered application.

View sapio365 User Activity Logs

Access and change actions by sapio365 users (including RBAC delegates) are logged by sapio365 in the User Activity Logs.

These logs can be reconciled with those in Microsoft 365 for auditing purposes.

Can sapio365 RBAC setup and management be delegated to a non-global admin?

Yes, you can assign the ability to create roles, monitor User Activity Logs and other roles to users who are not global admins in sapio365 Access & Restrictions.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close