Managing invalid groups
If a group that is managed by Bravura Security Fabric is deleted from the target system, then the group is listed as invalid the next time auto discovery runs. Bravura Security Fabric remembers the group until it is restored, or until Bravura Security Fabric automatically stops managing the group. If a group is restored, then the group members are also restored.
Depending on the target system, adding a new group with the same name may not necessarily restore the group.
Once a group is listed as invalid, Bravura Security Fabric automatically stops managing the group after 30 days by default. When Bravura Security Fabric automatically stops managing a group, it is removed from all roles, SoD rules, and pre-defined requests.
You can control the amount of time that a group can be listed as invalid by changing the value of the KEEP INVALID MANAGED GROUP DAYS system variable.
Bravura Security Fabric administrators are notified when:
A managed group becomes invalid
A managed group is restored
Bravura Security Fabric automatically stops managing a group
The invalid status of a managed group is visible to product administrators and requesters. Requesters can still create requests for invalid managed groups, but the requests cannot be completed until the group is restored.