Overview of user types
Access controls assigned to users’ profiles determine the features and functions that they can access in Bravura Security Fabric ; for example, only certain users can access the Manage the system (PSA) module. Depending on their capabilities, users are categorized as one or more of the user types listed in the table below.
Symbols in this document indicate that the marked content applies to specific product licenses:
Bravura Privilege | 
Bravura Identity | 
Bravura Pass
Regular user | A user who has an account on a target system, and can log into Bravura Security Fabric . Generally, you create regular users by creating a source of profiles in Bravura Security Fabric . | |
Requester | A user who can request access changes. In general, all regular users can be requesters; however, a user’s ability to submit requests may be limited by his access rules, policy rules, authorization workflow logic, or Bravura Security Fabric configuration. | |
| Help desk user | A regular user who can log into Bravura Security Fabric and act on the behalf of other users. Help desk users are participants in a user class that has been granted user access rules, such as the HELP_DESK_MANAGER or the GLOBAL_HELP_DESK user classes. |
| Authorizer | A user who can review and act on security change requests. Any regular user can be assigned as an authorizer. |
| Workflow manager | An authorizer who can approve, modify, deny, or cancel any authorization request. You can grant this capability by assigning a user the ”Manage workflow requests” user access rule. This capability can also be delegated. |
| Delegation manager | A user who can delegate the responsibilities of a user to another user. You can grant this capability by assigning a user the ”Delegate workflow requests” user access rule. This capability can also be delegated. |
| Implementer | A “human agent” that manually fulfills requests. An implementer can accept or decline tasks, and mark them as completed or cannot be completed. For example, instead of running a connector program, Bravura Security Fabric can notify an implementer that an access change request has been approved. The implementer then uses the Requests app to accept the task, completes the change using tools available on the target system, then uses the Requests app to mark the task as completed. You can grant this capability by adding any user as an implementer for resource operations on a per-resource basis. If a user is also an inventory manager, then they can also assign inventory items. This capability can be delegated. |
| Inventory manager | A user who can manage inventory items by location and type. You can grant this capability by adding a user to the list of inventory managers (Manage the system > Inventory > Inventory managers), and designating the user as an inventory manager for a specific inventory location and type. If a user is also an implementer, then they can also assign inventory items. This capability can be delegated. |
| Trustee | A user who can modify team settings, group memberships and privileges. They can also onboard and offboard systems and accounts to their teams. |
| Reviewer | A user with the responsibility for certifying users’ access rights. You can grant this capability by selecting the user as a reviewer for a certification campaign. |
Product administrator | A user who has been granted administrative privileges. These privileges control access to the administrative web modules and the Bravura Security Fabric API. Product administrators may or may not have an account on a target system. There are several types of product administrators. These are described in Product administrator types . |