Skip to main content

Configuring auto assignment

The automatic assignment engine can automatically assign users that are members of a user class to a role.

To set automatic assignment options for roles:

  1. Navigate to the Role information page .

  2. Select the Assignment tab.

  3. Select or create to define membership criteria.

  4. Click Recalculate to calculate the membership cache.

    In a replicated environment, cache recalculation can only be performed on the instance which runs psupdate .

  5. Select the Enabled checkbox.

    Additional options are displayed.

  6. Set options described in the table below to suit your needs.

  7. Click Update.

Table 1. Role assignment options

Option

Description

Automatically add users that satisfy the membership criteria

Select this to allow the automatic assignment program, autores, to add users that have membership in the specified user class from the role during auto discovery.

Automatically remove users that no longer satisfy the membership criteria

Select this to allow the automatic assignment program, autores, to remove users that do not have membership in the specified user class from the role during auto discovery.

Ignore submission limit during auto discovery

Select this if you want this automatic assignment to exceed the maximum allowed number of request submissions.

This setting overrides the global submission limit set by AUTO ASSIGNMENT MAXSUBMIT DEFAULT (Manage the system > Workflow > Options > Automation).

Submit no requests if there are more than this many operations detected in a single run

Set a limit if you do not want autores to submit any requests if too many variances are detected. If this happens Bravura Security Fabric sends an email to product administrators.



If roles include resources that require passwords, configure the PASSWORD GEN PLUGIN.

Generating an assignment deficit or surplus report

To generate a simple report of users that have a deficit or surplus of a role assignment, click the Deficit or Surplus sub-tabs. Bravura Security Fabric does not issue requests when you run this report. You can search for users on either of these pages. To see a more detailed report, see Reports . To issue requests, run the autores program.

Testing user class

You can verify that the user class defined will produce the correct list of users that will be automatically assigned this resource.

To test the user class defined:

  1. Navigate to the Role information page General tab.

  2. Click the Test... button.

  3. Type the User ID of the user to evaluate, then click Test.

    The Test button evaluates all criteria defined for the user class, not just the criteria selected.

Bravura Security Fabric displays the test results, specifying whether the user satisfied the criteria for the user class.

To list members of the user class:

  1. Navigate to the Role information page General tab.

  2. Click the Test... button.

  3. Click List.

    The list of members is displayed. If no members are listed, then there are no users matching the criteria for the specified participant.

In this section: