Security Policy Engines

User Classes

User classes determine whether a given user meets some pre-defined criteria, or whether two or more users are related in a specified manner.

  • Simple classes:
    • Is user X in group Y?
    • Is user X in group Y and OU Z?

  • Complex classes:
    • Are users X and Y at the same location?
    • Is user X an indirect manager of Y?
    • Is user X in group Y and are users X and Y in the same department?

User classes underly Hitachi ID Suite delegated administration:

  • Natural, declarative way to define policy.
  • Extremely flexible.
  • Efficient to compute.