Example: Delegate a certification segment when the reviewer is invalid
Business requirement
Organizations require the ability to sign off on a certification campaign when the initial reviewer is no longer a valid user.
Solution
A superuser can create delegation administration rules in Bravura Security Fabric to enable a certification segment to be delegated to a valid user. The valid user can then complete the certification round.
The following demonstrates how to configure delegated administrative rules using the Delegation authority privilege to delegate an invalid user’s certification segment to a valid user.
In this example, a superuser creates two delegated administrative rules with the Delegation authority privilege:
One rule specifying NEWUSER as the RECIPIENT. This rule enables the Delegate authority link under Other users.
Another rule specifying ALLUSERS as the RECIPIENT. This rule enables the Show invalid icon to display when selecting the user whose authority you need to delegate.
Note
This setup is for demonstration purposes only; in a production environment it is recommended that you restrict access to the "Delegate authority" privilege to specific users through a global helpdesk rule.
Pre-requisites
This example assumes that:
Bravura Security Fabric and Connector Pack are installed.
An Active Directory target system is added as a source of profiles.
There is an active certification segment where the reviewer has been deleted in the target system.
Configure the first delegated administrative rule
Log in to the front-end as superuser.
Click Manage the system > Security > Access to user profiles > Delegated administration rules.
Click Add new.
ID: Rule 1
Description: Rule 1
Select Delegate authority for Allowed privileges.
Click Add.
Click the Membership criteria tab.
Click Select.
Select the _ALLUSERS_ user class.
Select RECIPIENT for Participant mapping.
Click Select.
Select the _ALLUSERS_ user class.
Select REQUESTER for Participant mapping.
Set The participants have to match which of the user classes to All of the user classes.
Configure the second delegated administrative rule
Log in to the front-end as superuser.
Click Manage the system > Security > Access to user profiles > Delegated administration rules.
Click Add new.
ID: Rule 2
Description: Rule 2
Select Delegate authority for Allowed privileges.
Click Add.
Click the Membership criteria tab.
Click Select.
Select the _NEWUSER_ user class.
Select RECIPIENT for Participant mapping.
Click Select.
Select the _ALLUSERS_ user class.
Select REQUESTER for Participant mapping.
Set The participants have to match which of the user classes to All of the user classes.
Delegate an invalid user’s certification segment to a valid user
Log in to the front-end as an end user.
Click Delegate authority in the Other users section.
Click Show invalid.
Click the deleted reviewer link to open the delegation page.
On the delegation page, select a valid user as the delegate.