Built-in attribute groups
The following attribute groups are included in Bravura Security Fabric:
Attribute group | Description | Members | Access control | Operations |
---|---|---|---|---|
APP_BUILTIN | Bravura Privilege built-in attributes, used in the Privileged access app and Session monitor. | desc_app, notes_app, email_app | All authorizers (read), recipients (read), requesters | Single account access, Temporary group membership, Account set access, View recorded sessions, Search recorded sessions, Download recorded sessions |
APP_RECIPIENT | Bravura Privilege recipient attributes, used in the Privileged access app. | recipient_app | All authorizers (read), recipients (read), requesters | Single account access, Temporary group membership, Account set access |
ARCHBASEATTR | Bravura Privilege request base attributes, used in check-out requests. | ppm_view_time_begin, ppm_view_time_end, use_duration, duration_unit, duration_interval | All authorizers, recipients (read), requesters | Single account access, Temporary group membership, Account set access |
ARCH_EXTEND_CHECKOUT | Bravura Privilege check-out extension details. | arch_extend_checkout_reason, duration_interval, extension_duration_unit | All authorizers, recipients (read), requesters | Extend a check-out |
ARCH_REQ_GRP | Bravura Privilege group set attributes, used in the Privileged access app. | account_target_list | All authorizers (read), recipients (read), requesters | Temporary group membership |
ARCH_REQ_SSH | Bravura Privilege SSH attributes, used in the Privileged access app. | arch_operation_type, ssh_auth_key | All authorizers (read), recipients (read), requesters | Single account access, Generic PAM check-out request |
BASEATTRIBUTE | Base attributes for all user profiles. | first_name, other_name, last_name, profile_pic | All authorizers, implementers, requesters, and recipients of access change requests. | View profile, Create user profile, Update profile |
SSH_PUBLIC_ATTRS | SSH public key attributes for all user profiles. By default, this is not displayed to users. | ssh_public_keys | All authorizers (read), self | View profile, Create user profile, Update profile |
CERT_ATTR_TO_DISPLAY | When starting a new certification campaign, the page shows the members of this attribute group by default. | email, profile_pic | All reviewers (read) | No operations set |
CERT_ORGCHART_MANAGER | During a certification campaign based on an OrgChart, this attribute group is used to determine OrgChart managers and is used in transfer requests. | orgchart_manager | All requesters, all recipients, all reviewers, all authorizers, all implementers | No operations set |
MAQBASEATTR | Bravura Privilege account set access request attributes used for command execution. | maqcmd_scope, maq_command | All authorizers, requesters and recipients | Account set access |
ORGCHART_DISPLAY | Displays attributes for each user on the page. For example, add the EMAIL attribute to display each user’s email address in the OrgChart structure. | profile_pic | No access controls; visible to all users | Operations cannot be set, only for viewing on the Browse the OrgChart page |
RBACENFORCEATTR | Attributes used to place users in role-enforcement jurisdiction. | rbacenforce | All authorizers, implementers, and requesters | View profile, Create user profile, Update profile |
REQUESTONLY | Attributes used only in the context of a request; they do not modify a user’s profile. By default, this is not displayed to regular users. | viewable_by_recipient | All authorizers, implementers, and requesters of access change requests | No operations set |
SM_BROWSER_VIEW | Bravura Privilege recorded session metadata browser view limits. | sm_browser_view_time_end, sm_browser_view_time_start | All authorizers (read), requesters | View recorded sessions |
SM_SEARCH | Bravura Privilege recorded session metadata browse limits. | sm_search_dest_managed_system, sm_search_initiator, sm_search_managed_account, sm_search_search_time_end, sm_search_search_time_start, sm_search_sess_time_end, sm_search_sess_time_start, sm_search_source, sm_search_source_account, sm_search_msps | All authorizers (read), requesters | Search recorded sessions |
SM_VIEW | Bravura Privilege recorded session metadata view limits. | sm_event_type, sm_view_expiry_time | All authorizers (read), requesters | Download recorded sessions |