
Components for authorization workflow

The Functional.im_policy_authorization component, installed with Bravura Pattern, provides a policy framework to determine authorizers for different types of requests.

When installed, Functional.im_policy_authorization automatically sets the Bravura Security Fabric IDSYNCH AUTH CRITERIA MOD PLUGIN to control\plugin_authmod.py.

The im_policy_authorization table aggregates authorization rules that are set up by components. Product administrators can add new authorization rules and modify existing ones in this table to add or remove authorizers based on request attributes, requester or recipient information, and the operations requested.

The rules set in the im_policy_authorization table override any settings made in the Manage the system (PSA) module.

Key parameters to set in the table include:

  • PDRId: The pre-defined request ID that this rule should apply to.

  • Action: Whether to add, flush (remove), or replace authorizers.

  • AuthUserclass: The user class used to attach or replace authorizers.

  • MinAuthorizers: The required number of approvals for a request.

  • Phase: The authorization phase the rule applies to.

  • Authnote: A note with the reason to be appended to this request.

The component-based policy approach to authorization workflow supersedes the plugin functionality. You can access the policy via the external data store (extdb) module, rather than needing to edit script files on the Bravura Security Fabric server.

The business logic and all its effects can be analyzed in smaller cross-sections by filtering it with searches down to:

  • Specific use cases (scenarios and functional components),

  • Specific effects on Bravura Identity objects.

Component details

Every external database table is defined in the model.py script of the functional component, usually installed as a dependency of a scenario component.

The default component's script is component/Default/Functional/im_policy_authorization/model.py, which also imports component/Default/Functional/hid_policy_authmod/model.py.

The table model of im_policy_authorization adds columns to the ones imported from hid_policy_authmod.

The names of columns can be found in the _column_order attribute of the policy class (in this case, PolicyAuthorization).

The default data that the component brings to the solution is usually in CSV files provided as part of either a functional, scenario, or pattern component. Component data at component install time can be further modified with differences specific to each environment where the instance is to be installed, in the instance's environment\ directory.

The default policy data is loaded by other components which depend on Functional/im_policy_authorization:

  • Scenario components like: component/Default/Scenario/im_corp_loa/data/policy_authorization.csv

  • Functional components like: component/Default/Functional/im_profile_risk_policy_core/data/policy_authorization.csv

  • Data components for the Resource Management System (RMS): component/Default/Data/extdb_corp_onboard/policy_authorization.csv

    To check what Authorization policy use cases are available out-of-the-box, search the component\ directory for files named: policy_authorization.csv.

    To check which of these are installed, one can look at the last column of the policy table.

The functional component does not add any policy data of its own; instead it adds two options to the hid_global_configuration table:

  • component/component/Default/Functional/im_policy_authorization/manifest.xml, which loads

  • component/Default/Functional/im_policy_authorization/data/initial_data.csv

The raw data of the policy table at any given point after component install can be found in the instance's db\extdb.db file, which is a sqlite3 database.

For troubleshooting purposes, you can view and search the database directly if needed, either from the command line or from a SQLite GUI such as SQLiteStudio. In everyday use, it is recommended that any changes be applied through the product's Manage external data store module.
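For the troubleshooting case described above, a review of the policy table can be scripted against a read-only connection. This is an added example, not part of the product or its components; it assumes the parameter names listed earlier are the table's column names and that "flush" is the stored Action value, and its sample rows are constructed.

```python
import sqlite3
from pathlib import Path

TABLE = "im_policy_authorization"  # table name as given on the page
# Parameter names from the page; their use as on-disk column names is an assumption.
PARAMS = ["PDRId", "Action", "AuthUserclass", "MinAuthorizers", "Phase", "Authnote"]

def open_read_only(db_path):
    """Open the extdb file read-only so a review can never alter policy data."""
    return sqlite3.connect(Path(db_path).resolve().as_uri() + "?mode=ro", uri=True)

def review_rules(conn):
    """Return [(rule, findings)] for rules that loosen approval requirements."""
    # Discover the real columns rather than trusting the assumed names.
    actual = {r[1].lower(): r[1] for r in conn.execute(f'PRAGMA table_info("{TABLE}")')}
    cols = [p for p in PARAMS if p.lower() in actual]
    if not cols:
        raise LookupError(f"{TABLE}: table or expected columns not found")
    select = ", ".join(f'"{actual[p.lower()]}" AS "{p}"' for p in cols)
    flagged = []
    for row in conn.execute(f'SELECT {select} FROM "{TABLE}"'):
        rule, findings = dict(zip(cols, row)), []
        # "flush" as the stored Action value is an assumption from the page's wording.
        if str(rule.get("Action") or "").strip().lower() == "flush":
            findings.append("Action flush removes authorizers")
        raw = rule.get("MinAuthorizers")
        if raw not in (None, ""):
            try:
                if int(raw) < 1:
                    findings.append("MinAuthorizers below 1")
            except (TypeError, ValueError):
                findings.append("MinAuthorizers is not a number")
        if findings:
            flagged.append((rule, findings))
    return flagged

if __name__ == "__main__":
    # Constructed sample rows (IDs and user classes are placeholders, not product data).
    demo = sqlite3.connect(":memory:")
    demo.execute(f'CREATE TABLE "{TABLE}" ({", ".join(PARAMS)})')
    demo.executemany(f'INSERT INTO "{TABLE}" VALUES (?,?,?,?,?,?)', [
        ("PDR-A", "add", "MANAGERS", "1", "1", "manager approval"),
        ("PDR-B", "flush", "", "0", "1", ""),
    ])
    for rule, findings in review_rules(demo):
        print(rule["PDRId"], findings)
```

Because these rules override settings made in the Manage the system (PSA) module, flagged rows are the ones to compare against the approval requirements configured there.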

Caution

Do not edit the default components; if component customization is required, copy them as custom and edit those.