Skip to main content

Delegated Security Administration - Hitachi ID Identity Manager

(1)Business stake-holders, such as managers, application owners and data owners can sign into the Hitachi ID Identity Manager web portal and request changes to security entitlements. For example, a manager might ask for application access for an employee or schedule deactivation of a contractor's profile.

Delegated user administration is subject to a variety of policies:

  • Display filters control:
    • What users can ask to make changes to another user's profile.
    • Which recipients' profiles a given requester can access.
    • What kinds of changes a given requester can request.
  • Access control rules determine what parts of a recipient's profile a given requester can see. For example, a user's manager may be allowed to see his subordinates' contact information and applications but not their social security numbers, which are only visible to HR.
  • Authorization routing logic determines who must approve every requested change. Typically, a user's manager plus entitlement owners are asked to approve all changes to a user's access rights.
page top page top