Changing role memberships
Entitlements such as accounts and group memberships can be grouped as roles.
Roles may be assigned even when the recipient of the request already has some or all of the required entitlements (such as an account or group memberships).
Change role membership
The following procedure describes how to update profile information using the standard Change role membership request. To update role membership:
Click Change role membership in the requests section.
Bravura Security Fabric displays the request wizard.
The list of provided entitlements is collapsed by default. To expand the list of entitlements use the "expand"/"collapse"
icon in the "Required entitlements" column.
Select or deselect the checkboxes for the roles that you want to join or leave.
If the role includes optional entitlements, click the magnifying glass
icon to open the Optional entitlements pop-up box.
Select checkboxes for the entitlement that you want to include in the request, then click Done .
Selected entitlements are noted in the Details panel.
If required, resolve enforcement violations .
If the selected accounts cause new SoD violations, resolve SoD violations .
Click Submit.
Relevant authorizers are notified to review the request if necessary. See Tracking and updating requests to learn how to track your request.
Change role membership attributes
Administrators can add attribute fields to gather additional information about role membership. End users can add or update the attribute values by requesting a change in role membership. The following procedure describes how to update role membership attribute values using the standard Change role membership request. It assumes that roles have been defined and assigned to an end user.
To add role membership attributes:
As a product administrator, click Manage the system > Resources > Resource attributes.
Click Add new…
Enter values as follows:
ID: ROLE_ATTR1
Description: Role reason
Type: String
Minimum required number of values: 0
Maximum required number of values: 1
Click Add.
Click Add new… to add another attribute.
Enter values as follows:
ID: ROLE_ATTR2
Description: Role date
Type: Date/time
Minimum required number of values : 0
Click Add.
Now two attributes can be added to the role membership request page.
To set access controls for the new attribute, add it to an attribute group:
As a product administrator, click Manage the system > Resources > Resource attribute groups.
Click Add new…
Enter the following values:
ID: ROLE_ATTR_GROUP
Description: Role attributes
Resource type: Role memberships
Click Add.
Click the Access control tab.
Select the checkboxes to allow the ALLUSERS group read and write permission.
Click the Members tab.
Click Select…
Select the checkboxes for ROLE_ATTR1 and ROLE_ATTR2, then click Select.
To add the role membership attributes to the Update role membership request:
As a product administrator, click Manage the system > Workflow > Pre-defined requests .
Select the built-in _UPDATE_ROLE_ request.
Select the Attributes tab.
Click Select…
Select the checkbox for the ROLE_ATTR_GROUP, then click Select.
To update role attributes as an end user:
Click Change role membership in the requests section.
Bravura Security Fabric displays the request wizard.
Enter values for the attributes.
Click Submit.
Relevant authorizers are notified to review the request if necessary.
Attribute values are displayed on the request details page.
