Built-in user classes
There are default user classes set up for basic workflow and security. Installing Bravura Pattern also adds several user classes.
The following are built-in user classes installed with the base product:
Note
User classes marked with a 
cannot be modified.
_ACCESS_ALL_ACTIVE_CHECKOUTS_ | This includes all users that will be granted the All and Active privileged access check-out filters. |
_ACCESS_DASHBOARD_ | This class includes all users who can access dashboards. |
| This built-in user class includes all users. Users that are pre-existing and those that do not yet exist. |
_ANALYTICS_READERS_ | The user being included can run, save, and read reports. The user can access the Analytics if it has been installed. |
| In this built-in user class the participant is a pre-existing user. |
_EXPLICIT_API_USERS_ | This includes dedicated users of the API. Users assigned to this class have default API access. |
_EXPLICIT_API_USERS_TPM_ | This includes dedicated users of the API. Users assigned to this class have default API access, which is used by Phone Password Manager . |
_EXPLICIT_REST_API_USERS_ | This includes dedicated users of the REST API. |
_GLOBAL_HELP_DESK_ | This includes all basic, front-line, help desk users. |
_GROUP_CREATE_USERS_ | This includes users who can create groups. |
_HELP_DESK_MANAGERS_ | This includes help desk users who have elevated privileges, including access to help other help desk users and help desk managers. |
_IT_SECURITY_ | This is for all IT Security users. Installation of Bravura Workforce Pattern configures criteria, where participants who have the DEPT attribute of IT-SECURITY will be a member of this user class. |
| The recipient of an access change request is the direct subordinate of the requester. This user class is useful in pre-defined requests and access certification. By default this built-in user class is an equivalent, though optimized, version of the PSLang expression reportsTo($RECIPIENT,$REQUESTER,1) . |
| The recipient of an access change request is a subordinate of the requester, directly or via other managers. This built-in user class is similar to the _MANAGER_DIRECT_ user class, except it also includes their manager’s manager, etc. |
| This built-in class includes users who have registered mobile devices. |
| In this built-in user class the participant does not yet exist as a user. |
| In this built-in user class, the two participants are different users. |
| In this built-in user class, both participants are the same user. This relationship is often used to restrict access to specific requests for self service only. |
_REPORT_READERS_ | The user being included can run, save, schedule, and read reports. |
| The user in the ATTR_AUTO_PROPAGATE_REQUESTER system variable , used to automatically propagate profile attribute value changes. |
| The user in the RBAC_AUTO_PROPAGATE_REQUESTER system variable, used to automatically re-align users with their expected RBAC entitlements. |
| The user being included is a manager. By default this built-in user class is an equivalent, though optimized, version of the PSLang expression isManager($USERID) . |
