MyIdentityGraph Delegate Permissions to another Person

MyIdentityGraph supports the delegation of your permissions to another person. In that case the other person inherits all your permissions to resources.

The following use case describes the creation of a “delegate” edge. In that case Saskia delegates her permissions to Delgado who in turn gets read permission to Ron’s UserProfileData. Remember that Saskia was granted access to Ron’s UserProfileData in the preceding chapter.

  1. Select “Accumulate Graph” from the “More” menu
  2. Select “Query Me” and then select “Person by UserID”
  3. Click on your person node, then the “hand” icon (see image)
  4. Connect your person node to the other person which should be your delegate
    Confirm the modal window
Select "My Access Permissions" and then search for the Person you want to delegate your permissions to - don't forget to select accumulate view.

Select “My Access Permissions” and then search for the Person you want to delegate your permissions to – don’t forget to select accumulate view.

Click on your Person node and select the "Hand" icon

Click on your Person node and select the “Hand” icon

Draw a "delegate" edge to the Person you want to delegate your permissions to - in our case Delgado

Confirm the first step of delegation creation

Confirm the creation of the Permission Delegation

Confirm the creation of the Permission Delegation

The "delegate" edge will be created. A permission path from Delgado to the UserDataProfile "Owen" is created

The “delegate” edge will be created. A permission path from Delgado to the UserDataProfile “Owen” is created

View from Ron' perspective. Seeing the permission path from Delgado to Ron's UserProfileData

View from Ron’ perspective. Seeing the permission path from Delgado to Ron’s UserProfileData


An additional use case demonstrates how 2-hop delegations are reflected in the MyIdentityGraph model:

Consider the case that Delgado itself has a valid permission delegation to Carol as depicted in the image below.

Visualization of an existing delegation between Carol and Delgado

Visualization of an existing delegation between Carol and Delgado

The existing delegation results in a valid permission path between Caron and Ron's UserProfileData "Owen"

The existing delegation results in a valid permission path between Caron and Ron’s UserProfileData “Owen”