Skip to main content

Managing team group memberships

To update a group’s membership, log into Front-end (PSF) as a team trustee and use the Team: Manage Group Membership request. When selected, a wizard will guide you through the process of updating the team’s group membership.

This request can be made by either the team trustee of the team or the team administrator, however the latter will require authorization by the team trustee.

  1. From the home page, click Manage resources.

  2. Click Team: Manage Group Membership.

  3. Select the team to be updated.

    3386.png

    Click Next .

  4. Select the groups to be managed.

    3387.png

    Click Next .

  5. Add or remove users from the group.

    You can add users who have profiles in Bravura Security Fabric , or add managed groups as child groups.

    3388.png

    Click Submit.

    Bravura Security Fabric notifies authorizers to review the request if required.

  6. Click the View request link at the top of the page to view the status of the request.

Once submitted and approved, the group’s membership will be updated with the users that have been selected.

The request will not proceed if updating a team group’s membership results in none of the groups with team trustee privileges on a team with at least one user defined.

Limiting the number of child groups displayed

By default, child groups from all targets are selectable from the Team: Manage Group Membership pre-defined request. To limit the amount of child groups by only displaying those from certain target systems, a new entry can be added to the hid_global_configuration table for each target.

team-restrict-child-groups

  • namespace: pam_team_management

  • setting: TEAM-MEMBERS

  • key: TARGET_TO_SHOW

  • value: the ID of the target system whose child groups will be shown

API automation for team group membership

Once the API has been configured (See ”SOAP API” in Bravura Security Fabric Remote API (api.pdf) and your script has been authenticated to the API (Login or LoginEx API calls), the WF API calls can be used to create an API request to manage team group membership.

Use the WFPDRSubmit function to create a workflow request and submit the request for publishing.

When submitting a request, use ”TEAM-MEMBERS” as the PDR ID. At a minimum, the request requires the following attributes:

attrkey

value

TC

The name of the team.

TC_GROUPS

The team group name(s).

*_MEMBERS

The profile GUID of the user(s) for the team group, where * is the team group name. This only needs to be defined for team groups with the Team_Trustees privilege only.

TEAM-MEMBERS batch request sample:

"TC","TC_GROUPS","Group2_MEMBERS","Group3_MEMBERS"
"TEAM-000000","Group2,Group3","5CA66384-6277-4360-B94F-9D34F4F36F13","1BE00757-A15E-4BA1-A528-507AE744E47F"
In this section: