There is a need for full Delegated Administration within the IDM Apps, especially in a large multi-tenanted environment, without the need for lots of back-end ACL's and custom container creations.

Each tenant would require a mix of any of the following fine grained tasks for their "tenancy":
- Read Roles/Resources
- Assign/Revoke user/group/container/TEAM to Roles/Resources
- Create Roles/Resources
- Delete Roles/Resources
- Assign/Revoke Workflow to Roles/Resources
- Assign/Revoke Entitlement to Resources
- Customise Resource Forms including drop downs (no more CODE_MAP table hacks) and interaction between inputs (i.e. if field a = x, then show/hide/populate field b).
- Drag and Drop UI to create simple and branched workflows for Roles/Resources with single/multiple approvals to user/group/TEAM.

There could also be a need to adjust inter-tenancy activities too.

by: Ben W. | over a year ago | Role Based Provisioning