Administrator role delegation
Introduction
IBM® Security Verify provides the ability to delegate administrator actions to other users for a certain period of time. The capability is specifically for the administrative roles that come into effect for managing access certification activities.
A certification campaign to certify users' and groups' access or accounts assigns the administrator role of Campaign Reviewer and/or Campaign Supervisor. If the initial user assigned to the certification campaign is on planned leave or unavailable, a "delegation" can be defined to assign the certification campaign to a delegated admin with the corresponding Campaign Reviewer and/or Campaign Supervisor designation.
Configure delegation
The three-step guide to delegate admin roles is as follows:
- View my accesses
- Delegate role
- Manage delegated role
1. View my accesses
Log in to Verify and navigate to My accesses to view current accesses. These are the accesses that are assigned, either directly or via delegation from a peer employee:
Click a specific access to view its details.
Here are the typical details of Campaign Reviewer access:
Likewise, here are the typical details of Campaign Supervisor access:
The main point to note here is that the details view shows any existing delegation configuration for a specific admin role, along with details of the delegatees and the duration of the delegation. If no delegation details are shown, delegation is not set.
2. Delegate role
Once the details have been inspected and delegation has been configured, configure any new delegation schedule as specified in this section. Click the Delegate option to launch the configuration wizard, which consists of the following steps:
- Select Roles for delegation
  Select one or more roles from the list that need to be delegated.
- Select delegatees (users that will be delegates)
  Select one or more users that will act as delegates.
- Specify the delegation schedule
  Select the start and end dates for this delegation.
- Specify justification
  Optionally, specify justification for the delegation.
- Review the selections before submission
  Preview the summary for the delegation before scheduling it. It shows details such as the schedule, justification, roles and users. Once the selections are validated, click the Schedule option.
3. Manage delegated role
Once delegation is scheduled, review and manage it by selecting the access.
Details of Campaign Reviewer admin role with delegation information:
Details of Campaign Supervisor admin role with delegation information:
If the delegation needs fine-tuning, for example to change the delegatee:
- Navigate to `Manage users`. Here, remove the delegation from a user by clicking the cross next to the user name.
- Confirm the removal. The delegation schedule is then removed from the relevant role.
- Once the delegation schedule is removed from a given role, delegate the same role again to a different user or users.
You can repeat the same process even for changing the delegation schedule. For example, the same "Campaign Reviewer" role has been delegated to Scott for a different time period:
Aakash Prajapati, IBM Security
Ramakrishna J Gorthi, IBM Security
Updated 7 months ago