Delegated User Administration
Business stakeholders, such as managers, application owners and data owners, can sign into the Hitachi ID Identity Manager web UI and request changes to security entitlements. For example, a manager might ask for application access for an employee or schedule deactivation of a contractor's profile.
Delegated user administration is subject to a variety of policies:
- Display filters control:
  - Which users can request changes to another user's profile.
  - Which recipients' profiles a given requester can access.
  - What kinds of changes a given requester can request.
- Access control rules determine what parts of a recipient's profile a given requester can see. For example, a user's manager may be allowed to see his subordinates' contact information and applications but not their social security numbers, which are only visible to HR.
- Authorization routing logic determines who must approve every requested change. Typically, a user's manager plus entitlement owners are asked to approve all changes to a user's access rights.
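
The three policy layers above can be modeled as separate checks evaluated in order. The following is an added sketch, not Hitachi ID Identity Manager code or configuration; the user names, attribute names, rule tables and function names are all constructed assumptions.

```python
# Constructed sample data; names, attributes and rules are illustrative assumptions.
USERS = {
    "alice": {"manager": None, "groups": {"managers"}, "profile": {}},
    "bob": {"manager": "alice", "groups": set(),
            "profile": {"phone": "555-0100", "apps": ["crm"], "ssn": "000-00-0000"}},
    "hana": {"manager": None, "groups": {"hr"}, "profile": {}},
}
ENTITLEMENT_OWNERS = {"crm": "carol"}

# Access control rule: profile attributes visible per requester relationship.
VISIBLE = {"manager": {"phone", "apps"}, "hr": {"phone", "apps", "ssn"}}
# Display filter: change types each relationship may request.
REQUESTABLE = {"manager": {"grant_access", "schedule_deactivation"}}


def relationship(requester, recipient):
    """Return how the requester relates to the recipient, or None (deny by default)."""
    if USERS[recipient]["manager"] == requester:
        return "manager"
    if "hr" in USERS[requester]["groups"]:
        return "hr"
    return None


def visible_profile(requester, recipient):
    """Filter the recipient's profile down to the attributes the requester may see."""
    allowed = VISIBLE.get(relationship(requester, recipient), set())
    return {k: v for k, v in USERS[recipient]["profile"].items() if k in allowed}


def route_request(requester, recipient, change, entitlement=None):
    """Apply the display filter, then return the set of required approvers."""
    rel = relationship(requester, recipient)
    if change not in REQUESTABLE.get(rel, set()):
        raise PermissionError(f"{requester} may not request {change} for {recipient}")
    approvers = set()
    if USERS[recipient]["manager"]:
        approvers.add(USERS[recipient]["manager"])
    if entitlement is not None:
        approvers.add(ENTITLEMENT_OWNERS[entitlement])  # KeyError = unknown entitlement
    return approvers


if __name__ == "__main__":
    print(visible_profile("alice", "bob"))
    print(route_request("alice", "bob", "grant_access", "crm"))
```

Keeping visibility, requestable changes and approval routing in separate tables makes each policy reviewable on its own, and a requester with no recognized relationship sees nothing and can request nothing.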