We are required to use an enterprise wide third party authorization system, which provides user entiltement via an LDAP tree.
Deputy assignmnent is done per role, e.g. authorize jstein for role FinanceSupervisor and in addition I authorize fkafka as deputy for jstein in before mentioned role.
In 10g we implemented this using parametrized roles.
I am looking into how we can implement this in 11g but I cannot find any information on this subject.
Anything which sheds some light on this is very appreciated.
I'd be the first to admit I don't quite have a full grasp of the benefits of the new parametric role feature that came back in with the 18.104.22.168 feature pack and how this can be used for LDAP groups - just don't see it.
As an alternative, I've been using the business rule feature for human tasks to assign people to tasks based on one or more parameters passed into the human task. If you wanted to have a deputy for Finance assigned, you'd pass into the human task the elements "Deputy" and "Finance". The business rule in the human task would then assign the work item instance to the correct LDAP group (e.g. "FinanceSupervisor").
I wrote this blog (http://www.avioconsulting.com/blog/datwood/2012/08/27/creating-parametric-roles-using-business-rules) a few months ago that gives you a step-by-step on how to do this.
Hope this helps,