29.1 Understanding Delegation

Delegation is a one-to-one mapping between two active users in the catalog. A user can have only one delegate at any given time. A user can act as delegate for multiple users. Delegate chains are allowed. For example, User A can have a delegate User B, User B can have a delegate User C. However, a cyclical chain, where User A’s delegate is User B, and User B’s delegate is User A, is not allowed and will cause the review startup to fail.

When a review is started, Identity Governance calculates reviewers by the active delegate mappings that exist at the start of the review. If a delegate exists for an original assignee, the delegate for all intents and purposes, is now considered the reviewer. To prevent cyclical chain related review startup failure, administrators can use the Validate delegate mapping bulk action after mapping delegates. The only other times Identity Governance calculates delegates is when review items are escalated, or when a reviewer is reassigned using the Change Reviewer option. When using the Change Reviewer option during reviews, the option will become inactive when a cyclical chain is detected.

A delegation continues until it is terminated or a different user is assigned. When a delegation is terminated or modified, all future tasks are reassigned to the original assignee or the new delegate. If the delegation is terminated or modified when a review is in progress, all outstanding tasks are not impacted. For purposes of historical audit, reviewer information and task activity in preview or live review tabs indicate that the task was assigned to a delegate in place of the original assignee.