Skip to main content

Overriding default group attribute configuration

To override the default configuration for an individual group attribute:

  1. Select an override level.

  2. Select the Defaults tab.

  3. Browse to select the attribute you want to override.

    Bravura Security Fabric displays a page containing configuration information for the attribute.

  4. Click Override to display the override configuration page.

    2562.png

  5. Click Add at the bottom of the form.

    Additional configuration options are now available to you.

  6. Proceed to:

  7. Confirming and testing changes

Changing the configured action

The configured action determines how Bravura Identity should create the group attribute during the “create group” and “update group” operation.

To change the configured action for individual group attributes:

  1. Navigate to the override configuration page.

  2. Select the appropriate action from the Action when creating group drop-down list:

    • None – Ignore the attribute when setting up a new group.

    • Set to specified value – Set the attribute to specific values or according to resource attributes.

    You cannot select an action that is not supported for the attribute.

  3. Select the appropriate action from the Action when updating group drop-down list:

    • Set to specified value – Set the attribute to specific values or according to resource attributes.

    • Set to specified value when mapped profile attribute changes – Set the attribute to specific values or according to resource attributes only when the profile attribute has changed.

    • None – Ignore the attribute when updating the group.

    You cannot select an action that is not supported for the attribute.

  4. Click Update.

Next:

If the set action for the attribute is Set to specified value, do of the following:

Modifying attribute value constraints

Group attribute value constraints determine rules for attribute-value composition. By default, attributes are loaded as single-valued.

Note

Group attribute value constraints must be compatible with the mapped resource attribute or the attribute values you specify. For example, you cannot map a required group attribute to an optional resource attribute, or a single-valued group attribute to a multi-valued resource attribute.

To modify attribute value constraints:

  1. Navigate to the override configuration page.

  2. Change the following fields as required:

    • Minimum number of values – determines whether an attribute is required. Type 0 to make this attribute optional or type a number greater than zero to require a minimum number of values.

    • Maximum number of values – determines whether more than one value is allowed. Type -1 to indicate that there is no maximum or type a number greater than zero to set the maximum number of values.

      The maximum number of values must be at least as big as the minimum number of values.

    • Attribute type – select one of the following types: Binary, Boolean, String, Memo, Integer or File.

    • Encoding used to store value – select: No encoding, or Base 64.

  3. Click Update.

Loading attributes

During auto discovery , Bravura Security Fabric loads a list of groups on target systems into its internal database. By default, Bravura Security Fabric also loads the most commonly used group attributes.

You can configure Bravura Security Fabric to load group attributes at the target type or target override levels. To do this:

  1. Navigate to the override configuration page.

  2. Enable the Load attribute values from target system checkbox.

  3. Click Update.

    Attributes must be listed before they can be loaded. If the List groups and List attributes options are not enabled for a target system, you must provide a list.

If you want users to be able to view or edit the attribute value, map the group attribute to a resource attribute.The Load attribute values from a target system option is automatically set when you map to a resource attribute.

Note

Mapping a group attribute to a resource attribute will enable a user to edit the attribute value, and the value will be updated on the target system. However, only the values from the most commonly used group attributes are loaded from the target system back to Bravura Security Fabric.

Mapping group attributes to resource attributes

Resource attributes allow any number of group attributes to be mapped to a single value in groups’ data. Several attributes are mapped by default; for example, the Active Directory _container_dn attribute is mapped to the GROUP_OU resource attribute. Attributes that are mapped to resource attributes are listed by default when the target system’s List group attributes setting is enabled.

In order to map an group attribute to a resource attribute, the attributes’ requirements (number of values, attribute type, encoding) must be compatible.

To map an group attribute to a resource attribute:

  1. Select an override level .

  2. Select a group attribute.

  3. Choose the resource attribute to map to. You can either:

    • Search for the resource attribute

    • Type the resource attribute ID in the Map group attribute to resource attribute field.

    The Populate mapped resource attribute with values from target system option will automatically be selected when the Map group attribute to resource attribute field is filled in and when the Load attribute values from target system has been checked. You can disable the mapping of attributes by deselecting this box.

  4. Click Update.

Mapping target system boolean attribute values

Profile and resource attributes in Bravura Security Fabric represent boolean values internally using T and F for true and false, respectively. However, target systems may use values other than T and F to represent boolean attribute values. Use the configuration settings Target system attribute value that represents [True] and Target system attribute value that represents [False] to ensure that target system boolean attribute values are converted correctly to mapped profile or resource attributes. For example, if a target system attribute uses 1 for true and 0 for false, then set Target system attribute value that represents [True] to 1 and Target system attribute value that represents [False] to 0.

Tracking group attribute changes

Changes to group attribute values can be tracked.

  1. Navigate to the override configuration page.

  2. Select the Track changes option.

  3. Click Update.

Specifying attribute values

Specifying fixed values will apply to group creation and update.

The steps to specify attribute values for the "set” action, when not mapping them to resource attributes, vary according to the attribute type.

Values set for Map group attribute to resource attribute will override specified values.

To specify a character or number value for an group attribute:

  1. Navigate to the override configuration page.

  2. Set the Value type to Literal value or PSLang expression as appropriate.

  3. Type a value in the field under the Attribute value header.

    For boolean type values, select True, False, or Unset from the drop-down list in the Attribute value column.

    For PSLang expressions, you can select an available expression from the auto-completion list.

  4. Click Update.

    If more than one value is allowed by the Maximum number of values, Bravura Security Fabric adds more fields below the one you just entered.

  5. If applicable, add more values, and click Update.

Deleting specified attribute values

To delete an attribute value that you have specified:

  1. Navigate to the override configuration page.

  2. Select the checkboxes next to the values you want to delete.

  3. Click Delete at the bottom of the ”values” form.

Confirming and testing changes

After you have made changes on the override configuration page:

  1. If required, confirm your changes. Click:

    • Yes (recommended), if you want to reload attribute values during the next auto discovery .

      In this case, Bravura Security Fabric updates the SQLite-based list files that correspond to the affected target systems (for example, WINDOWS1.db) with a full attribute list.

    • No, if you want to reload attribute values only when the attribute changes on the target system.

      This may help to speed up auto discovery ; however, it may also result in empty or out-of-date attributes in the Bravura Security Fabric database.

  2. Click Back to return to the Group attributes page.

    The attribute now appears in one of the level overrides tabs.

  3. If required, run auto discovery to update your system.

  4. Test your changes.

    Ensure that attribute information can be listed (if applicable), and that groups can be created, updated, and deleted successfully.

In this section: