Identity Manager 7.1 - Whats new? - Delegation Work Items

When an approver needs to delegate a work item (provisioning approval, audit remediation, mitigation, attestations, etc.) due to vacation or some other reason, the approver would enter IdM and assign a delegate to handle the approvals for a set period of time. This was a powerful and needed capability. But deployments in real life production found some short comings that have been addressed in IdM 7.1.

First is the all or nothing based approach to delegation. All work items were treated the same and you could delegate all of them to one or more delegates (thus giving them temporary super powers they may not already have).  But real life is more complex than that. A manager going on vacation may want approvals to go to the department supervisor running things while they are gone, but audit type attestations and remediations to go to the department finance person, just to keep everyone honest.

Now in 7.1, as a developer, you can treat the different work items differently when it comes to delegation. First off, work items come out of the box in the following flavors:
  • Approvals
  • Organizational Approvals
  • Resource Approvals
  • Role Approvals
  • Attestation
  • Review
  • Access Review Remediation
As implementor, you can extent these work items as well within the IDE/BPE editor. Just extend the WorkItemType. Also important -> you can create a hierarchy of work item types.

Now when you go into IdM 7.1, instead of the delegations, there are work items (as there are more than just delegations possible) and the screens let the user filter different work items and delegate them to others.  This is a powerful feature that allows the implementor to address a slew of need capabilities that were not available before (and certainly not in our competitors products).  The ability to classify work items, extend them, and create a hierarchy adds a great deal of flexibility to the Sun IdM Product.

One other fix to mention is what if the person delegated to is deleted or disabled?  In prior versions, someone would have to go in and either delete or redirect the work items back to the delegator. In the new version, if the target person is deleted or disabled, the delegator will be able to see the work items they have delegated have been returned with the disabled delegatee's name in (parenthesis) to indicate they can no longer manage the delegation. They delegator can then reassign the work items to someone else.


Powered by ScribeFire.

Comments:

Post a Comment:
Comments are closed for this entry.
About

Sean ONeill

Search

Categories
Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today