Identity Administration is the ability for designated individuals to perform user, group, shared folder, SharePoint, computer and other object management tasks in a controlled manner using the web interface and workflows of EmpowerID. Which objects a person may see and which management tasks they may perform against these objects is control by real-time RBAC / ABAC hybrid security. EmpowerID allows controlled Identity Administration through a single interface and security model without requiring delegation of native permissions in the various systems in which the objects they are managing reside.
A key EmpowerID design practice is to develop a Persona Worksheet that uncovers how many different types of “Personas” based upon how many classifications are uncovered as to who can see which objects and which actions they may perform against them. These Personas are a key piece of information used in the design and creation of EmpowerID roles that will receive the access assignment and restriction policies defined in the Persona Worksheet.