Business stake-holders, such as managers, application owners and data custodians can sign into the Hitachi ID Identity Manager web portal and request changes to user profiles, accounts, groups and security entitlements. For example, a manager might request application access for a subordinate or schedule deactivation of a contractor.
Delegated user administration is subject to a variety of policies:
- Display filters control:
- What recipients are visible in search results for a given requester.
- Which recipients' profiles a given requester can display.
- What kinds of access requests a given requester can make on behalf of a given recipient.
- Access control rules determine what parts of a recipient's profile a given requester can see. For example, a user's manager may be allowed to see his subordinates' contact information and applications but not their social security numbers, which are only visible to HR.
- Authorization routing logic determines who must approve every access request. Typically, a user's manager plus entitlement owners are invited to approve all changes to a user's access rights.