- Organizational Structure: Understanding and control over resources are bound to a structure defined by an organization. They need the ability to participate in shared resources, while still maintaining independence in the decision-making process.
- Legal Requirements: Configuring and maintaining the ability to operate in a manner consistent with regulatory (or other legal) requirements that may restrict access or activity (government, defense or financial institutions, for example).
- Operational Requirements: Today's applications and services leverage structured constraints based on metadata (attributes) for configuration, availability or security. This is not uncommon in hosting or outward-facing scenarios.
- Organizational Units: Provides a way to scope and group objects
- Managed Objects (including roles, users, orgs, devices)
- Policies (password policies)
- Workflows (associate workflows to organizations)
- Authorization Layer: Granular entitlements on what can be done through the RESTful layer, and on which objects and organizations
- Ability to group entitlements into assignable Administrative Roles
What do people do in OpenIDM today?
A better solution
Delegated Administration Policies
- A Source Rule: a boolean expression based on user and relationship attributes. Any user that matches the Source Rule is an administrator in this policy.
- A Target Rule: any user that matches the Target Rule can be administered by any user who matches the Source Rule
- A Permissions Schema: defines which operations (create, delete, enable, disable) the administrator can perform on the target users, and on which identity data. This permission schema defines very fine-grained control over each field.
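
The three parts of a policy described above can be read as one authorization check with a default-deny outcome. The following is an added example, not OpenIDM code or its API: the attribute names (`org`, `roles`), the sample users and the `read`/`update` request types are assumptions made for illustration.

```javascript
// Added illustration, not OpenIDM code. Attribute names, values and the
// "read"/"update" request types are assumptions made for this example.
const policy = {
  // Source Rule: a user matching this is an administrator in the policy.
  sourceRule: (u) => u.org === "emea" && u.roles.includes("helpdesk"),
  // Target Rule: a user matching this can be administered.
  targetRule: (u) => u.org === "emea" && !u.roles.includes("helpdesk"),
  // Permissions Schema: allowed operations and per-field access.
  operations: new Set(["enable", "disable"]),
  fields: new Map([["mail", "write"], ["telephoneNumber", "write"], ["givenName", "read"]]),
};

const deny = (reason) => ({ allowed: false, reason });

// Evaluate one request. Anything the policy does not grant is refused.
function authorize(p, admin, target, req) {
  if (!p.sourceRule(admin)) return deny("requester does not match the Source Rule");
  if (!p.targetRule(target)) return deny("target does not match the Target Rule");
  if (req.operation === "read" || req.operation === "update") {
    // Reading needs read or write access; updating needs write access.
    const ok = req.operation === "update" ? ["write"] : ["read", "write"];
    const requested = req.fields || [];
    if (requested.length === 0) return deny("no fields named");
    const blocked = requested.filter((f) => !ok.includes(p.fields.get(f)));
    return blocked.length
      ? deny("fields not permitted: " + blocked.join(", "))
      : { allowed: true, reason: "ok" };
  }
  return p.operations.has(req.operation)
    ? { allowed: true, reason: "ok" }
    : deny("operation not permitted: " + req.operation);
}

// Constructed sample users.
const alice = { id: "alice", org: "emea", roles: ["helpdesk"] };
const bob = { id: "bob", org: "emea", roles: ["employee"] };
const carol = { id: "carol", org: "apac", roles: ["employee"] };

const checks = [
  [alice, bob, { operation: "update", fields: ["mail"] }],
  [alice, bob, { operation: "update", fields: ["mail", "roles"] }],
  [alice, bob, { operation: "delete" }],
  [alice, carol, { operation: "disable" }],
  [bob, alice, { operation: "disable" }],
];
for (const [a, t, r] of checks) {
  console.log(a.id, "->", t.id, JSON.stringify(r), authorize(policy, a, t, r));
}
```

Because `roles` is absent from the field map and the Target Rule excludes other helpdesk users, an administrator under this sample policy can neither grant roles nor modify a peer administrator.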