Skip to main content

Static authorizers

In Bravura Security Fabric , an authorizer is a user who can review and act on security change requests. Regular users with valid profiles can be assigned as static authorizers. Static authorizers can be mapped directly to resources or policies.

The types of requests that static authorizers can review and the actions they can take depend on the privileges granted to them by user access rules.

All authorizers that are mapped to resources are listed in Manage the system > Workflow. From here, you can select individual authorizers to:

  • Define when and how they are notified of pending requests

  • Determine whether their approval is required before a request can be approved

  • Determine whether their denial of any part of a request blocks the entire request

  • View the resources and policies to which they are assigned

Configuring static authorizers

Before you begin, ensure that requirements are met for email notification :

  • Bravura Security Fabric can determine users’ email addresses (highly recommended).

  • The required workflow settings have values under Manage the system > Workflow > Email configuration .

To configure static authorizers from the workflow menu:

  1. Click Manage the system > Workflow > Authorizers.

  2. Select or search to select the user whose authorizer settings you want to configure.

  3. Enter Authorizer notification parameters.

  4. Select the Denial blocks entire request checkbox if you want the authorizer to be able to block an entire request, rather than just part of a request.

  5. Select the Input is required before request can be approved checkbox if you want the authorizer’s approval to be required before any request to which he is assigned can proceed, regardless of the number of authorizers who have already approved the request.

  6. Click Update at the bottom of the form.

Table 1. Authorizer notification parameters

Option

Description

Email address

If Bravura Security Fabric is:

  • Set up to determine users’ email addresses, leave the default radio button selected. When adding an authorizer, the email address is entered automatically when you submit the form.

  • Not set up to determine users’ email addresses, or if you want to provide a different address, select the other radio button and type the authorizer’s email address in the adjacent field.

Notify this user immediately

Select this checkbox if you want this authorizer to be notified immediately as each stage of a request is reached.

Times of day to email

If you want to override the global email notification setting, type the regular times, in 24-hour format, that this authorizer should receive email reminders.

For example, type 9:00,13:00 to indicate that the authorizer receives email reminders at 9 am and 1 pm, or type 9:00-13:00 to indicate that the emails should be sent at regular intervals between 9 am and 1 pm.



Note

If you alter the reminder times or interval, messages that have already been queued will be sent at the previously set time. The new time values apply to messages triggered after you make the changes.

Assigning authorizers to a resource or policy

To assign static authorizers to a resource or policy, navigate to the authorization tab or section of the information page for the resource or policy.

If phased authorization is enabled (WF PHASED AUTH), you can assign authorizers to phases.

When you assign a static authorizer to a resource or policy, those objects are listed on the individual authorizer’s information page.

Deleting authorizers

Deleting an authorizer from a resource or policy only removes the user from the list of authorizers for that resource or policy. The user and their accounts still exist in the Bravura Security Fabric database.

In this section: