Configuring target-system-level role enforcement
The role enforcement engine can identify users who have excessive or insufficient access, and issue workflow requests to correct variances. To set role-based access control (RBAC) enforcement options for target systems:
Navigate to the target system’s Role enforcement page.
Select the Enabled checkbox.
Bravura Security Fabric displays the resolution settings.
Note
Role enforcement cannot be enabled on the target system until at least one template account has been configured for it.
If required, select a setting for the Resolution for deficit violation, to determine what action Bravura Security Fabric takes when it discovers users who have a role that requires an account on the target system, but do not have that account:
Add resource
Request exception
Use parent role setting
The default is to take the setting from the target system’s parent role.
If required, select a setting for the Resolution for surplus violation, to determine what action Bravura Security Fabric takes when it discovers users who have an account on this target system, but do not have a role that includes it:
Remove resource
Request exception
The system default is displayed as the “Effective setting”.
Click Update.
Global RBAC enforcement options must also be set before these settings can take effect.
Generating a profile statistics report
To generate a simple report of users with a deficit or surplus violation for this target system, click Generate. Bravura Security Fabric does not issue violation enforcement requests when you run this report. For a more detailed report, see Reports. To list violations and issue enforcement requests, run auto discovery or use the rbacenforce program.
Testing users
To determine whether an individual user has a deficit or surplus violation, type the user’s Profile ID and click Test. The user’s RBAC enforcement profile and request attribute must be set to true.
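The following is an added example, not part of the product documentation and not Bravura Security Fabric code: a small Python model of the deficit and surplus checks and resolution settings described above, useful for reasoning about which users a given configuration would flag. All class, field and function names, and the sample users, are assumptions made for illustration.

```python
# Conceptual model only; every name here is an assumption, not a product API.
from dataclasses import dataclass, field

@dataclass
class TargetPolicy:
    target: str
    template_accounts: int = 0
    enabled: bool = False
    deficit: str = "Use parent role setting"   # default: inherit from parent role
    surplus: str = ""                          # empty -> system default applies
    def enable(self):
        # Enforcement cannot be enabled without at least one template account.
        if self.template_accounts < 1:
            raise ValueError("configure a template account first")
        self.enabled = True

@dataclass
class User:
    profile_id: str
    enforce: bool                                   # enforcement attribute set to true?
    role_targets: set = field(default_factory=set)  # targets the user's roles include
    accounts: set = field(default_factory=set)      # targets where an account exists

def check_user(user, policy, parent_deficit, default_surplus):
    """Return (violation, effective resolution) for one user, or None."""
    if not (policy.enabled and user.enforce):
        return None
    needs = policy.target in user.role_targets
    has = policy.target in user.accounts
    if needs and not has:
        inherit = policy.deficit == "Use parent role setting"
        return ("deficit", parent_deficit if inherit else policy.deficit)
    if has and not needs:
        return ("surplus", policy.surplus or default_surplus)
    return None

def report(users, policy, parent_deficit, default_surplus):
    """List violations by kind; like the report, this issues no requests."""
    out = {"deficit": [], "surplus": []}
    for u in users:
        hit = check_user(u, policy, parent_deficit, default_surplus)
        if hit:
            out[hit[0]].append((u.profile_id, hit[1]))
    return out

USERS = [  # constructed sample data
    User("alice", True, {"AD"}, set()),   # role requires AD, no account: deficit
    User("bob", True, set(), {"AD"}),     # account without a role: surplus
    User("carol", False, set(), {"AD"}),  # enforcement attribute false: skipped
]
```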