Skip to main content

Configuring template-level authorization

Define authorization information for templates to:

  • Set the number of approvals or denials required for requests involving the template.

  • Assign static authorizers to define who can approve account requests based on the template.

Users must be loaded into the Bravura Security Fabric database before you can define them as authorizers.

You must assign enough authorizers to meet the minimum number of authorizers requirement. If you do not do this, requests involving the resource are automatically denied unless authorizers are assigned by a workflow plug-in.

Inheriting authorization configuration from the target system

You can configure target systems so that templates inherit the authorization configuration settings of the target system. You can also override the configuration for a template, or add authorizers.

Enable inheritance by selecting the Default authorization for child resources, including templates and managed groups, will be inherited from the target system option on the relevant Target system information page .

To override or add to the configuration for a template:

  1. Navigate to the Inventory template information page .

  2. Set Override authorization configuration to:

    • Only use inherited configuration

    • Do not inherit any configuration

    • Add to inherited configuration (default)

  3. Click the Authorization tab.

    • If you choose not to inherit authorization, then the page shows authorization explicitly set up for the template; no authorization from the target system should display.

    • If you choose to add to inherited authorization, then the page displays settings that are both inherited and explicitly set for the template.

    When you choose to add to inherited authorization, the minimum number of required authorizers will be determined by the larger value set for the template or target system.

  4. Proceed to configure authorization as described in the rest of this section.

Configuring phased authorization

If phased authorization is enabled, navigate to the template’s Authorization page then:

  • Click Add new… if you want to add a phase.

  • To change the order of phases, change the numbers in the Authorization phase column and click Update.

  • Select a phase to define authorizers and settings.

Determining number of required approvals

To set authorization thresholds for a template:

  1. Navigate to the Inventory template information page .

  2. Click the Authorization tab.

    Select a phase if phased authorization is enabled.

  3. Type a value for the:

    • Minimum number of authorizers – A value of 0 means requests for the resource are auto-approved.

      The default value is set by the MIN AUTHORIZERS policy.

    • Number of denials before a change request is terminated – A resource request is canceled when this number of authorizers deny it, as long as the Minimum number of authorizers has not been reached.

      The default value is set by the MAX REJECTIONS policy.

  4. Click Update.

Assigning static authorizers

To assign static authorizers to a template:

  1. Navigate to the Inventory template information page .

  2. Click the Authorization tab.

    Select a phase if phased authorization is enabled.

  3. Click Select… at the bottom of the Authorizers table.

  4. Search for, or enable the checkboxes next to the authorizers that you want to assign.

  5. Click Select at the bottom of the page.

Assigning authorizers by user class

To assign authorizers to a template based on user class:

  1. Navigate to the Inventory template information page .

  2. Click the Authorization tab.

    The Users must be in the following user classes table allows you to define membership criteria.

  3. To define membership criteria:

    • Select existing user classes: Click Select… and enable the checkboxes for the user classes you want to add, then click Select.

    • Create new user classes: Click plus icon Add new… . See Adding user classes for full details on how to create a new user class.

  4. Configure Participant mapping for each user class that you add.

    Select and create user classes until you have defined membership.

  5. If your membership criteria includes multiple user classes, define whether users are required to match All of the user classes or Any of the user classes .

Removing users from membership

To remove users from membership, you can:

  1. Edit user classes to change the participants.

  2. Delete user classes from the membership criteria.

    1. Navigate to the membership criteria page where user classes are listed.

    2. Enable the checkbox next to the user classes you want to delete.

  3. Click Delete.

In this section: