Sun Identity Manager 8.1 Business Administrator's Guide

Delegated Administration

In most companies, employees who perform administrative tasks hold specific responsibilities. Consequently, the account management tasks that these administrators can perform are limited in scope.

For example, an administrator might be responsible only for creating Identity Manager user accounts. With that limited scope of responsibility, the administrator likely does not need specific information about the resources on which user accounts are created, or about the roles or organizations that exist within the system.

Identity Manager can also restrict administrators to a specific tasks within a specific, defined scope.

Identity Manager supports the separation of responsibilities and a delegated administration model as follows:

You can specify delegations for a user from the Create User page when you set up a new user account, or when you edit a user account.

You can also delegate work items, such as requests for approvals, from the Work Items tab. For more information on delegations, see Delegating Work Items for details.