Skip to main content

User class policies

A user class policy is a point within Bravura Security Fabric where user classes can be utilized to define a group of users. This can sometimes remove the need for writing complicated scripts.

The user class policies available within Bravura Security Fabric are:

  • [Shared] – available to all user class policies.

  • Pre-defined request – user classes can define access to pre-defined requests.

  • Administrator group – user classes can define membership to administrator groups.

  • Filter user plugin – user classes can filter out users with the FILTER USER PLUGIN.

  • Keep user plugin – user classes can filter users to keep with the KEEP USER PLUGIN.

  • Generate user plugin – user classes can generate lists of users with the GENERATE USER PLUGIN.

  • Delegated administrator rule – user classes can define membership to delegated administration rules.

  • Global help desk rule – user classes can define membership to the global help desk rules.

  • Self-service rule – user classes can define membership to the self-service rules.

  • Profile comparison rule – user classes can define membership to the profile comparison rules.

  • Authorizer group for template – user classes can define membership to the authorizer group for templates.

  • Authorizer group for target system – user classes can define membership to the authorizer group for target systems.

  • Authorizer group for role – user classes can define membership to the authorizer group for roles.

  • Authorizer group for segregation of duties rule – user classes can define membership to the authorizer group for segregation of duties rule.

  • Authorizer group for managed group – user classes can define membership to the authorizer group for managed groups.

  • Authorizers for a request to search recorded sessions – user classes can define membership to the authorizer group for requests to search recorded sessions.

  • Authorizers for a request to view a recorded session – user classes can define membership to the authorizer group for requests to view recorded sessions.

  • Authorizers for a request to access accounts – user classes can define membership to the authorizer group for requests to access accounts.

  • Implementer group for template – user classes can define membership to the implementer group for templates.

  • Implementer group for target system – user classes can define membership to the implementer group for target systems.

  • Implementer group for managed group – user classes can define membership to the implementer group for managed groups.

  • Escalation plugin – user classes can determine to whom a request should be escalated, or provide a short list with ESCALATION PLUGIN.

  • First change escalation plugin – user classes can determine to whom a request should be escalated, or provide a short list with FIRST CHANCE ESCALATION PLUGIN.

  • Certification – user classes can determine who will be reviewed in certification campaigns.

  • Certification by user class – user classes can determine reviewer relationships in certification campaigns by defined relationship.

  • Notification – user classes can determine pre-conditions for notifying users.

  • User groups: Access to profile and request attributes – user classes can define membership in user groups for access controls on profile and request attributes.

  • User groups: Access to resource attributes – user classes can define membership in user groups for access controls on resource attributes.

  • User groups: Privileged access to systems – user classes can define membership in user groups for issuing Bravura Privilege requests.

  • Automated group membership – user classes can determine who should automatically be assigned or removed from roles.

  • Automated role membership – user classes can determine who should automatically be assigned or removed from roles.

  • Password policy for target system group – user classes can determine which password policies applies to groups of users, via target system groups .

In this section: