3.1 Understanding Delegation

Authorized users can delegate their review and approval tasks. The Customer, Global, or Data Administrator can assign delegates for all users. The delegate then receives tasks and acts on them instead of the original assignee. If the original assignee acts in one of the review or access approval management roles, the delegate also has the proper access permissions to act in that role. For example, if the original assignee was review owner, review auditor, or access request approver, the delegate will also have the related access permissions.

Delegation is a one-to-one mapping between two active users in the catalog. While a user can have only one delegate at any given time, a user can act as delegate for multiple users. Delegate chains are allowed. For example, User A can have a delegate User B, User B can have a delegate User C. However, a cyclical chain, where User A’s delegate is User B, and User B’s delegate is User A, is not allowed and will cause the review startup to fail.

When a review is started, Identity Governance calculates reviewers by the active delegate mappings that exist at the start of the review. If a delegate exists for an original assignee, the delegate for all intents and purposes is now considered the reviewer. To prevent review startup failure related to a cyclical chain, administrators can use the Validate delegate mapping bulk action after mapping delegates. The only other times Identity Governance calculates delegates are when review items are escalated, and when a reviewer is reassigned using the Change Reviewer option. When using the Change Reviewer option during reviews, the option becomes inactive when a cyclical chain is detected. After a delegate reviews or approves an item, and after running an Insight Query, the delegate and their relationship to the user appears in the results list. For example, “Approved by User B (delegate for User A, the delegate will show up under 'Delegated From' column).

A delegation continues until it is terminated, a different user is assigned, or when the current date is not in the specified date range. When a delegation is terminated or modified, all future tasks are reassigned to the original assignee or the new delegate. If the delegation is terminated or modified when a review is in progress, outstanding tasks are not impacted. For purposes of historical audit, reviewer information and task activity in preview or live review tabs indicate that the task was assigned to a delegate in place of the original assignee.