Use cases for automatic assignment
This section provides use cases to illustrate how automated assignment can be implemented with Bravura Security Fabric.
Automatic provisioning of groups
Existing process
A company currently has manual processes for assigning department employees to their respective resources. Over time, users that have transitioned from department to department have not had their resources cleaned up properly.
Requirements
To ensure that employees are assigned to the correct departmental resources, the company needs to:
Do an initial bulk group assignment and removal of users that currently exist in an Active Directory group, depending on the user’s department attribute.
Monitor new account creation in Active Directory and add users to the appropriate department group.
Monitor account updates in Active Directory and add or remove users from the respective groups.
Solution design
To meet the requirements using Bravura Security Fabric auto assignment, all users must have their department attribute set. Bravura Security Fabric is then configured to:
Map the Active Directory department attribute to a department profile attribute.
Create user classes which use the department attribute for membership criteria.
Manage all the department groups on Active Directory.
Automatically assign users to groups, based on the above.
Users with the department attribute set will be automatically added to their respective resource groups. When the removal option is set, these users are automatically removed from the department resources when they no longer belong to the department.
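The following added example (not Bravura Security Fabric code or its API) models the assignment logic described above so the effect of a bulk run can be previewed and reviewed before it is enabled. The user records, group names and the plan_assignment function are constructed for illustration; flagging users with no department attribute for review, rather than acting on them, is an assumption of this sketch.

```python
from collections import defaultdict

# Constructed sample data (not from a real directory). Each user has an AD
# department attribute (None = not set) and current group memberships.
USERS = {
    "alice": {"department": "Finance", "groups": {"Finance"}},
    "bob":   {"department": "Sales", "groups": {"Finance", "Sales"}},  # moved, never cleaned up
    "carol": {"department": "Sales", "groups": set()},                 # new account
    "dave":  {"department": None, "groups": {"Finance"}},              # attribute missing
}
MANAGED_GROUPS = {"Finance", "Sales"}  # department groups under management


def plan_assignment(users, managed_groups, remove=True):
    """Return (adds, removes, skipped) for department-driven group membership.

    adds/removes map group -> sorted list of users. Users without a department
    attribute are listed in `skipped` and left untouched (an assumption of this
    sketch: the design requires the attribute, so they are flagged for review).
    """
    adds, removes, skipped = defaultdict(list), defaultdict(list), []
    for name in sorted(users):
        dept = users[name]["department"]
        current = users[name]["groups"] & managed_groups
        if not dept:
            skipped.append(name)
            continue
        wanted = {dept} & managed_groups
        for group in sorted(wanted - current):
            adds[group].append(name)
        if remove:  # models the removal option being set
            for group in sorted(current - wanted):
                removes[group].append(name)
    return dict(adds), dict(removes), skipped


if __name__ == "__main__":
    adds, removes, skipped = plan_assignment(USERS, MANAGED_GROUPS)
    print("add:", adds)
    print("remove:", removes)
    print("no department set:", skipped)
```

Running the plan with remove=False shows what is left behind when the removal option is not set: stale memberships such as the transferred user's old department group stay in place.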
Automatic provisioning of roles
Existing process
A company currently has manual processes for assigning help desk users to help desk applications and resources.
Requirements
To ease the assignment for existing users and new users, the company needs to:
Do a bulk role assignment for users that currently exist in an Active Directory user group called Support.
Monitor new account creation in Active Directory and add users to the help desk role when they request access to the Support group.
Remove users from the help desk role if they have been removed from the Support group.
Solution design
To meet the requirements using Bravura Security Fabric auto assignment, all help desk users must be members of the Support group on Active Directory. Bravura Security Fabric is then configured to:
Manage the Support group on Active Directory.
Create a user class with a group membership criterion of the help desk group on Active Directory.
Create a role that includes all the entitlements that a help desk user will require.
Automatically assign users to the help desk role, based on the above.
Users that are members of the Support group will be automatically assigned the Support role. When a new user requests access to the Support group, they will be automatically assigned the role. Conversely, if they are removed from the group, they are removed from the role.