Access controls in Identity Manager depend on the relationship between requester, recipient and authorizer. This is a novel access control model which Hitachi ID Systems has not seen in other products -- as it links access rights to categories of relationships, rather than just to sets of users (the requesters).
This is best illustrated by some examples:
- Termination-related information:
A set of profile attributes relating to termination and rehire can be defined -- e.g., scheduled termination date, termination process completion status, type of termination (fire, resign, retire, end of contract, etc.), reason for termination, whether rehire is permissible, etc. Access to these attributes can then be granted to a given user's direct manager and to HR, so long as recipient is not also in HR.
- Access to PII:
PII may include home mailing address and phone number, social security number, date of birth, etc. The relational access control model can be used to allow users to see all of this in their own profiles and modify contact information -- but not necessarily DoB or SSN. HR could then get the same read access but be able to edit DoB and SSN as well. A user's manager might be able to read home contact information but not DoB or SSN.
- User privacy control:
Profile attributes can be defined that enable users to control who can see their home contact information. For example, in a college, a user might set an attribute "same-department, faculty-only" or another labeled "all-students" or "all-administration" to set the scope of other users who get read access to their profile information.
The same type of defined-relationship / fixed-rights model controls operations. For example, what user can submit change request on behalf of what other user? What user can access change history for what other user? What user can certify the access rights of what other user? All these access rights are tied to relationships.
Fine-grained access controls allow organizations to securely manage
sensitive data using Identity Manager.