As the number of applications and services needing administration grows, it is helpful to be able to delegate administration to those closest to the applications. In this case it is important that the infrastructure tools enforce the separation of authorization policies. The system needs to ensure that only authorized administrators are able to make changes and that these changes are limited to the applications they are assigned to.
The OpenIAM IDM solution offers a web based administrative console that allows security administrators to define authorization policies as well as delegate administration privileges for a particular application or services. For example, the administration of a portal may be delegated to someone within the IT, marketing, or sales group. The global system administrator would likely want to delegate portions of policy management to the senior B2C administrator, but not the ability to see or change other enterprise authorization policies.