Automatically managing groups via auto discovery
If supported by the target system, Bravura Security Fabric connectors can list groups during auto discovery. Group owner information is included if it is available. You can configure Bravura Security Fabric so that it automatically manages groups and assigns the owner as the group authorizer.
To do this, configure the Automatically manage groups to be moderated by owners option on the applicable Target system information page. This option applies to Active Directory, Oracle Database, or Domino Server Script target system types. Select one of the following:
(Disabled): When this value is selected, groups on this target system will not be automatically managed. This is the default setting for this option.
Only groups with owners, moderated by owners: Only manage groups that have an owner. Assign the owner as the group authorizer.
All groups, approval required: Manage all groups on the target system. If a group has an owner, then the owner is assigned as the group authorizer. If a group has no owner, then no authorizer is assigned. Groups without authorizers require manual configuration.
Click below to view a demonstration of managing all groups on an Active Directory target by setting options on the Target System Information page, running auto discovery once to manage the groups, running auto discovery a second time to calculate membership and then viewing the managed groups.
In addition to adding the group owners as authorizers for the managed group, Bravura Security Fabric uses the following default values for managed groups:
Option/variable | Value |
|---|---|
Automatically add group owners as authorizers | Checked |
Minimum number of authorizers | 1 |
Number of denials before a change request is terminated | 1 |
Bravura Security Fabric does not change the configuration for groups that are already managed.