Hi Naoki,

The user will inherit first the settings of the Identity provider he/she is using to log on to Tridion Docs
So in the Identity Providers section the checkboxes will be enabled/disabled based upon the associated configuration.

You can further enable additional components based upon the user itself if needed for a user.

So in your situation described above you should check which checkboxes are selected for the identity providers section (and the roles/claims which are setup).
I'm assuming that this will include OrganizeSpace and Publication Manager.

Kind Regards,

Raf 

Hi Raf-san,

The access settings for the Tridion Docs identity provider are configured as shown in the diagram below.

Therefore, I thought that a new user who identifies with the Tridion Docs identity provider will inherit the above access settings. But as I showed in the previous screenshot, no checkboxes are checked for the new user. Why does this happen?

Regards,
Naoki

Hi Naoki,

Your assumption is correct, althought not visible in the UI.
As shown on your screenshot above the selected 'applications' and 'services and roles' are available for the user through the global definition.
If the user has in his/her claim the role 'Administrator' enabled the selection for that definition would be available.

On the user level you can additionally enable 'Applications' and/or 'Services and roles'. This would show by the selected checkboxes for the user (on the user specific screen). However the items enabled through the identity provider are not represented on the user screen.
So the user screen only shows the changes/exceptions introduced specifically for that user and not the fully available set of options.

So although the checkboxes are all deselected on the user screen, the selection of the identity provider screen is what is available and enabled.

Kind Regards,

Raf

Hi Naoki,

Your assumption is correct, althought not visible in the UI.
As shown on your screenshot above the selected 'applications' and 'services and roles' are available for the user through the global definition.
If the user has in his/her claim the role 'Administrator' enabled the selection for that definition would be available.

On the user level you can additionally enable 'Applications' and/or 'Services and roles'. This would show by the selected checkboxes for the user (on the user specific screen). However the items enabled through the identity provider are not represented on the user screen.
So the user screen only shows the changes/exceptions introduced specifically for that user and not the fully available set of options.

So although the checkboxes are all deselected on the user screen, the selection of the identity provider screen is what is available and enabled.

Kind Regards,

Raf

Hi Raf-san,

Thank you for your clarification. I understand the behavior of Access settings display in Access Management.

Kind regards,
Naoki