Example: Delegate a certification segment when the reviewer is invalid

Business requirement

Organizations require the ability to sign off on a certification campaign when the initial reviewer is no longer a valid user.

Solution

A superuser can create delegation administration rules in Bravura Security Fabric to enable a certification segment to be delegated to a valid user. The valid user can then complete the certification round.

The following demonstrates how to configure delegated administrative rules using the Delegation authority privilege to delegate an invalid user’s certification segment to a valid user.

In this example, a superuser creates two delegated administrative rules with the Delegation authority privilege:

  • One rule specifying NEWUSER as the RECIPIENT. This rule enables the Delegate authority link under Other users.

  • Another rule specifying ALLUSERS as the RECIPIENT. This rule enables the Show invalid icon to display when selecting the user whose authority you need to delegate.

Note

This setup is for demonstration purposes only; in a production environment it is recommended that you restrict access to the "Delegate authority" privilege to specific users through a global helpdesk rule.

Pre-requisites

This example assumes that:

  • Bravura Security Fabric and Connector Pack are installed.

  • An Active Directory target system is added as a source of profiles.

  • There is an active certification segment where the reviewer has been deleted in the target system.

Configure the first delegated administrative rule
  1. Log in to the front-end as superuser.

  2. Click Manage the system > Security > Access to user profiles > Delegated administration rules.

  3. Click Add new.

    • ID: Rule 1

    • Description: Rule 1

  4. Select Delegate authority for Allowed privileges.

    Click Add.

  5. Click the Membership criteria tab.

    Click Select.

  6. Select the _ALLUSERS_ user class.

  7. Select RECIPIENT for Participant mapping.

    Click Select.

  8. Select the _ALLUSERS_ user class.

  9. Select REQUESTER for Participant mapping.

  10. Set The participants have to match which of the user classes to All of the user classes.

Configure the second delegated administrative rule
  1. Log in to the front-end as superuser.

  2. Click Manage the system > Security > Access to user profiles > Delegated administration rules.

  3. Click Add new.

  4. Click Add new.

    • ID: Rule 2

    • Description: Rule 2

  5. Select Delegate authority for Allowed privileges.

    Click Add.

  6. Click the Membership criteria tab.

    Click Select.

  7. Select the _NEWUSER_ user class.

  8. Select RECIPIENT for Participant mapping.

    Click Select.

  9. Select the _ALLUSERS_ user class.

  10. Select REQUESTER for Participant mapping.

  11. Set The participants have to match which of the user classes to All of the user classes.

Delegate an invalid user’s certification segment to a valid user
  1. Log in to the front-end as an end user.

  2. Click Delegate authority in the Other users section.

  3. Click Show invalid.

  4. Click the deleted reviewer link to open the delegation page.

  5. On the delegation page, select a valid user as the delegate.