US10372483B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10372483-B2 |
| Application number | US-201415112371-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jan 20, 2014 |
| Priority date | Jan 20, 2014 |
| Publication date | Aug 6, 2019 |
| Grant date | Aug 6, 2019 |
Official abstract text for this publication.
Groups of a plurality of tenants are mapped to identity management classes corresponding to respective roles that grant respective permissions. The identity management classes are associated with hierarchical delegation information that specifies delegation rights among the identity management classes, the delegation rights specifying rights of members of the respective identity management classes to perform delegation with respect to further members of the identity management classes. In response to a request by a first member of a first of the identity management classes to perform delegation with respect to a second member of one of the identity management classes, it is determined, based on the hierarchical delegation information, whether the first member is allowed to perform the delegation with respect to the second member.
Opening claim text (preview).
What is claimed is:

1. A method comprising: mapping, by a system including a processor, groups of a plurality of tenants to identity management classes corresponding to respective roles that grant respective permissions for performing tasks with respect to at least one application, the at least one application accessible by the plurality of tenants, wherein the identity management classes are associated with hierarchical delegation information that specifies delegation rights among members of the identity management classes; and in response to a request by a first member of a first of the identity management classes to perform delegation with respect to a second member of one of the identity management classes, determining, by the system based on the delegation rights specified in the hierarchical delegation information for the first identity management class, whether the first member is allowed to perform the delegation with respect to the second member, wherein to perform the delegation with respect to the second member includes at least one of enrolling the second member in a particular identity management class, modifying information of the second member in the particular identity management class, and removing the second member from the particular identity management class, and wherein a first group and a second group of the groups of the plurality of tenants have a same role, but are mapped to different identity management classes having different delegation rights, wherein the delegation rights of each of the members of the identity management classes specify rights of each of the members of the identity management class to perform delegation with respect to further members of the identity management class.

2. The method of claim 1, wherein the request is a request by the first member of the first identity management class to enroll the second member in a second identity management class, and wherein the determining comprises determining, based on the hierarchical delegation information, whether the first member is allowed to enroll the second member in the second identity management class.

3. The method of claim 1, wherein the request is a request by the first member of the first identity management class to remove the second member from a second identity management class, and wherein the determining comprises determining, based on the hierarchical delegation information, whether the first member is allowed to remove the second member from the second identity management class.

4. The method of claim 1, wherein the request is a request by the first member of the first identity management class to modify information of the second member of a second identity management class, and wherein the determining comprises determining, based on the hierarchical delegation information, whether the first member is allowed to modify the information of the second member of the second identity management class.

5. The method of claim 1, wherein mapping the groups of the plurality of tenants to the identity management classes comprises mapping the groups of the plurality of tenants to system groups, the method further comprising: mapping, by the system, the system groups to the respective roles.

6. The method of claim 5, wherein mapping the groups of the plurality of tenants to the system groups is performed by an identity management engine, and wherein mapping the system groups to the roles is performed by the at least one application.

7. The method of claim 5, wherein the system groups are common to a plurality of applications that have different sets of roles.

8. The method of claim 1, wherein mapping the groups of the plurality of tenants to the identity management classes comprises mapping the groups of the plurality of tenants to the roles.

9. The method of claim 1, wherein the at least one application is a cloud-based application for providing one or a combination of cloud resources and cloud services to members of the plurality of tenants.

10. A cloud system comprising: at least one of a cloud resource and a cloud service accessible by a plurality of tenants of the cloud system; and at least one storage medium to store a mapping between groups of the plurality of tenants and identity management classes corresponding to respective roles that grant respective permissions to access the cloud resource or cloud service, wherein the identity management classes are associated with hierarchical delegation information that specifies delegation rights among members of the identity management classes; and at least one processor to: receive a request by a first member of a first of the identity management classes to perform delegation with respect to a second member of a particular one of the identity management classes, wherein to perform the delegation with respect to the second member includes at least one of enrolling the second member in a particular identity management class, modifying information of the second member in the particular identity management class, or removing the second member from the identity management class; and in response to the request, determine, based on the hierarchical delegation information, whether the first member is allowed to perform the delegation with respect to the second member of the particular identity management class, wherein a first group and a second group of the groups of the plurality of tenants have a same role, but are mapped to different identity management classes having different delegation rights, wherein the delegation rights of each of the members of the identity management classes specify rights of each of the members of the identity management class to perform delegation with respect to further members of the identity management class.

11. The cloud system of claim 10, wherein the particular identity management class is the same as the first identity management class.

12. The cloud system of claim 10, wherein the particular identity management class is different from the first identity management class.

13. The cloud system of claim 10, wherein the mapping includes a first mapping between the groups of the plurality of tenants and system groups that correspond to the identity management classes, and a second mapping between the system groups and the roles.

14. An article comprising at least one non-transitory machine-readable storage medium storing instructions that upon execution by a cloud system cause the cloud system to: store a mapping between groups of a plurality of tenants and identity management classes corresponding to respective roles that grant respective permissions for performing tasks with respect to at least one application, the at least one application accessible by the plurality of tenants and managing access of one or a combination of a cloud resource and a cloud service, wherein the identity management classes are associated with hierarchical delegation information that specifies delegation rights among members of the identity management classes; and in response to a request by a first member of a first of the identity management classes to perform delegation with respect to a second member of one of the identity management classes, determine, based on the hierarchical delegation information, whether the first member is allowed to perform the delegation with respect to the second member, wherein to perform the delegation with respect to the second member includes at least one of enrolling the second member in a particular identity management class, modifying information of the second member in the particular identity management class, and removing the second membe
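
The delegation check described in the abstract and claim 1, sketched as an added Python example that is not part of the patent text: two tenant groups share the `admin` role but map to identity management classes with different delegation rights. All class, tenant, group and member names are constructed, and the deny-by-default handling of unknown inputs is an assumption.

```python
from dataclasses import dataclass, field

ACTIONS = frozenset({"enroll", "modify", "remove"})  # delegation operations named in claim 1

@dataclass
class IdmClass:
    role: str                                   # role the class corresponds to
    rights: dict = field(default_factory=dict)  # target class -> actions members may perform

# Constructed hierarchical delegation information (all names hypothetical).
CLASSES = {
    "FULL_ADMIN": IdmClass("admin", {"FULL_ADMIN": ACTIONS, "LIMITED_ADMIN": ACTIONS, "USER": ACTIONS}),
    "LIMITED_ADMIN": IdmClass("admin", {"USER": frozenset({"modify"})}),
    "USER": IdmClass("user"),
}

# Constructed mapping of (tenant, group) to identity management class.
GROUP_TO_CLASS = {
    ("acme", "it-admins"): "FULL_ADMIN",
    ("globex", "helpdesk"): "LIMITED_ADMIN",
    ("acme", "staff"): "USER",
    ("globex", "staff"): "USER",
}

# Constructed membership: member -> (tenant, group).
MEMBERS = {
    "alice": ("acme", "it-admins"),
    "bob": ("globex", "helpdesk"),
    "carol": ("acme", "staff"),
    "dave": ("globex", "staff"),
}

def class_of(member):
    """Resolve a member to an identity management class, or None if unmapped."""
    return GROUP_TO_CLASS.get(MEMBERS.get(member))

def is_delegation_allowed(actor, action, subject, target_class):
    """Decide a delegation request from the delegation rights of the actor's class."""
    actor_class = class_of(actor)
    if actor_class is None or action not in ACTIONS or target_class not in CLASSES:
        return False  # assumption: unknown actor, action or class is denied
    if action in ("modify", "remove") and class_of(subject) != target_class:
        return False  # assumption: subject must already be in the class being changed
    return action in CLASSES[actor_class].rights.get(target_class, frozenset())
```

The check as written does not constrain actor and subject to the same tenant, because the abstract and the claim text shown here state no such rule; a deployment that needs tenant isolation would add that condition before the rights lookup.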
Specific access rights for resources, e.g. using capability register · CPC title