Delegated Security Administration - Hitachi ID Identity Manager
Business stake-holders, such as managers, application owners and
data owners can sign into the Hitachi ID Identity Manager web portal and request changes
to security entitlements. For example, a manager might ask for
application access for an employee or schedule deactivation of a
Delegated user administration is subject to a variety of policies:
- Display filters control:
- What users can ask to make changes to another user's profile.
- Which recipients' profiles a given requester can access.
- What kinds of changes a given requester can request.
- Access control rules determine what parts of a recipient's profile
a given requester can see. For example, a user's manager may be
allowed to see his subordinates' contact information and applications
but not their social security numbers, which are only visible to HR.
- Authorization routing logic determines who must approve every
requested change. Typically, a user's manager plus entitlement owners
are asked to approve all changes to a user's access rights.