User classes and relationships

Access based on relationships

  • BEFORE: access rights attached to requester.
  • NOW: rights attached to relationship between requester and recipient.
  • Rights may be to read/write identity attributes or perform actions.

Examples:

Read/write termination date

  • Requester in HR.
  • Requester not recipient.

Read/write termination date

  • Recipient reports to requester.

Read home address

  • Recipient has active profile.

Read/write home address

  • Requester is recipient.

Read SSN, DoB

  • Requester is recipient.

Write SSN, DoB

  • Requester in HR.
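
The example rules above, written as a default-deny policy check. This is an added example, not code from the original page. The User fields, attribute names and sample users are constructed assumptions. Conditions listed under one heading are ANDed, and the two termination-date headings are treated as alternative rules.

```python
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass(frozen=True)
class User:                      # constructed model; field names are assumptions
    uid: str
    dept: str
    manager: Optional[str] = None
    active: bool = True

Rel = Callable[[User, User], bool]   # (requester, recipient) -> bool

# Relationship predicates: each looks at the pair, not at the requester alone.
is_self: Rel = lambda req, rcp: req.uid == rcp.uid
in_hr: Rel = lambda req, rcp: req.dept == "HR"
manages: Rel = lambda req, rcp: rcp.manager == req.uid
rcp_active: Rel = lambda req, rcp: rcp.active

def all_of(*rels: Rel) -> Rel:
    return lambda req, rcp: all(r(req, rcp) for r in rels)

def not_(rel: Rel) -> Rel:
    return lambda req, rcp: not rel(req, rcp)

# (operations, attributes, relationship). Any matching rule grants access.
RULES = [
    ({"read", "write"}, {"termination_date"}, all_of(in_hr, not_(is_self))),
    ({"read", "write"}, {"termination_date"}, manages),
    ({"read"},          {"home_address"},     rcp_active),
    ({"read", "write"}, {"home_address"},     is_self),
    ({"read"},          {"ssn", "dob"},       is_self),
    ({"write"},         {"ssn", "dob"},       in_hr),
]

def allowed(req: User, rcp: User, op: str, attr: str) -> bool:
    """Default deny: access needs a rule covering op, attr and the relationship."""
    return any(op in ops and attr in attrs and rel(req, rcp)
               for ops, attrs, rel in RULES)

# Constructed sample users.
ALICE = User("alice", "HR")
BOB = User("bob", "Eng")
CAROL = User("carol", "Eng", manager="bob")
DAVE = User("dave", "Eng", active=False)
```

As written, the rules let HR write SSN and DoB but not read them, and they do not stop an HR user from writing their own SSN; a policy review would want to confirm both are intended.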