Business stake-holders, such as managers, application owners and data owners can sign into the Hitachi ID Identity Manager web portal and request changes to security entitlements. For example, a manager might ask for application access for an employee or schedule deactivation of a contractor's profile.
Delegated user administration is subject to a variety of policies:
- Display filters control:
- What recipients are visible in search results for a given requester.
- Which recipients' profiles a given requester can display.
- What kinds of access requests a given requester can make on behalf of a given recipient.
- Access control rules determine what parts of a recipient's profile a given requester can see. For example, a user's manager may be allowed to see his subordinates' contact information and applications but not their social security numbers, which are only visible to HR.
- Authorization routing logic determines who must approve every access request. Typically, a user's manager plus entitlement owners are invited to approve all changes to a user's access rights.