Skip to main content

Requesting access using the Web interface

To request access to a network resource:

  1. Log into the main menu.

  2. Click Request access to network resources in the:

    • My profile section to request access for yourself.

    • Other users section to request access for another user.

      Bravura Identity displays the Select a user search page. Select the user that you want to request access for.

    Bravura Identity displays a table that allows you to browse network resources. Available resource types are listed in the Select: Resource Type (left) column:

    netres-select-type-t

  3. Select the appropriate resource type.

    Bravura Identity displays individual resources in the Browse: <Selected Type> (right) column:

    netres-browse-share-t

    Alternatively, you can search for the resource.

  4. Select the resource you want to browse.

    If you or the selected user has multiple accounts on the target system managing the resource, you are prompted to select which account you are requesting access permissions for.

    Resource type

    Bravura Identity displays …

    Share/folder

    A tree-view of the folder including any sub-folders.

    Mail distribution list

    A tree-view of the directory.

    Printer

    A list of printer names written in the format:

    <server name>-<printer name>.

    Sites

    A tree-view of SharePoint site including any sub-sites.

    Documents

    A tree-view of SharePoint documents including any sub-documents.

  5. Click the folder_open or folder_close icon to expand or collapse folders or directory containers. Depending on how Bravura Identity is configured, you may not be able to browse subfolders of a resource unless you are already a member of a group with read access.

    netres-privileges-icon

  6. Click the privileges icon 3332.png next to the resource you want to view.

    Bravura Identity displays a request form in the Select desired privileges for: <Resource name> (right) column:

    netres-nonmember-view-t

    If applicable, this column contains:

    • A list of groups with privileges on the resource

    • A Request access checkbox for each group that you can request access to.

      You cannot request access for yourself if you are already an owner or a member of the group. You cannot request access for somebody else if he or she is already an owner or a member of the group.

    • The read / write Privileges assigned to each group

    • The Owners for each group

    • A Child groups icon for groups that have member groups

      If you want to view or request access to a member group, click C hild groups next to the parent group (if applicable).

    • A display owners icon 3332.png and a members icon for groups where you are a group owner

      These icons are not available when requesting resources for another user. See Managing Access to Network Resources for more information about performing operations as a group owner.

  7. Select the checkboxes for the groups that you want to request access to.

  8. Click Complete.

    From this point, Bravura Security Fabric displays an error message if you select items that conflict with security rules .

Bravura Security Fabric enters the request into the authorization workflow.

Request access to a folder (multiple groups)

This use case demonstrates the process a user would follow to request access to a shared Sales folder.

The user could request access to the appropriate group that would provide them access to the folder, however, in most instances, a user would not know which group that would be. An alternative is to set up network resources and allow the user to request access to the shared folder. Bravura Identity will do the work in the background to enable the access.

Before a user can request access to the Sales folder, the following is required:

  • A folder named Sales is shared on a Microsoft Windows file server.

  • Groups have been used on the share to apply security, and those groups are managed by Bravura Security Fabric .

  • An Active Directory DN target has been added, and is configured to manage network resources.

  • Authorization has been set on the groups.

  • The share is added to Bravura Identity as a network resource.

To request access to the Sales folder:

  1. From the main menu, click Request access to network resources in the My profile section.

  2. Click Shares/Folders.

  3. Select the Marketing folder.

  4. Click the search 3332.png icon next to the folder that you want to access.

    The groups that have privileges to that folder appear on the right-hand side.

    netres-share-example-1-12.3

  5. Select the check box to join a group to access the Sales folder.

    You could continue to select more folders/groups that you want to access.

    Tip

    Although you can select multiple groups that have access to the same folder, the best practice is to choose correct privileges by selecting one group. This can be forced, as shown in Request access to a folder (single group).

  6. If required, type Requester notes.

    Requester notes are required if the IDR REQUIRES REASON NEWREQUEST option is enabled.

  7. Click Complete.

  8. Click OK to confirm the request.

    Bravura Security Fabric enters the request into the authorization workflow.

The Workflow Manager Service routes the request to the selected group owner for authorization. After authorization is complete the Transaction Monitor Service runs a connector program that adds the user to the selected groups on the target system and the user will have access to the Sales and Public Relations folders.

Request access to a folder (single group)

This use case demonstrates the process a user would follow to request access to a shared Public Relations folder.

A network resource has been set up to allow the user to request access to the shared Public Relations folder. By default, a user can request access to several groups at a time. In this use case however, the IDR NETWORK RESOURCE SELECT ONE GROUP system variable has been enabled, restricting the users to requesting access to one group at a time. In this case, the user can choose between a group that has read-only access or read and write access.

Before a user can request access to the Public Relations folder, the following is required:

  • A folder named Public Relations is shared on a Microsoft Windows file server.

  • Groups have been used on the share to apply security, and those groups are managed by Bravura Security Fabric .

  • An Active Directory DN target has been added, and is configured to manage network resources.

  • Authorization has been set on the groups.

  • The share is added to Bravura Identity as a network resource.

Configure the IDR NETWORK RESOURCE SELECT ONE GROUP system variable

  1. Log in to the front-end as superuser.

  2. Click Manage the system > Modules > View and update profile (IDR).

  3. Enable the IDR NETWORK RESOURCE SELECT ONE GROUP variable.

    Enabling this variable will restrict the users to requesting one group/resource at a time.

    ObjectTypeDescriptionBased OnModifiedModifiedByCodeVersionState

  4. Click Update.

To request access to the Public Relations folder:

  1. From the main menu, click Request access to network resources in the My profile section.

  2. Click Shares/Folders.

  3. Select the Marketing folder.

    usecase-networkresources-marketing-folder-12.3

  4. Click the Public Relations folder.

    The groups that provide the privileges to the Public Relations folder are listed on the right hand side.

    usecase-networkresource-privileges-12.3

  5. If required, type Requester notes.

    Requester notes are required if the IDR REQUIRES REASON NEWREQUEST option is enabled.

  6. Click Request in the appropriate group row.

    Bravura Security Fabric enters the request to join this group into the authorization workflow.

    Joining this group will provide the user with read and write access to the Public Relations folder.

The Workflow Manager Service routes the request to the selected group owner for authorization. After authorization is complete the Transaction Monitor Service runs a connector program that adds the user to the selected group on the target system and the user will have access to the Pubic Relations folder.

Request access to documents in SharePoint

SHARED IN CONFIG AND END USER DOCS

This use case demonstrates the process a user would follow to request access to a document library in SharePoint.

Before a user can be granted access to a document library in SharePoint, the following is required:

  • A document library has been created in Windows SharePoint.

  • At least one document exists in the document library.

  • Users have at least read privileges to the SharePoint site. In this use case, the ”domain users” Active Directory group has been added to the SharePoint Visitors group.

  • The Visitors, Members, and Owners SharePoint groups all have owners.

  • A SharePoint target has been added to Bravura Security Fabric , and is configured to manage SharePoint network resources.

  • The document library is added to Bravura Security Fabric as a network resource.

To request access to the document library:

  1. From the main menu, click Request access to network resources in the My profile section.

    The Request access to network resources page appears.

    2345.png

  2. Click Documents .

    Bravura Security Fabric displays available document libraries on the right hand section.

    2346.png

  3. Select the document library in the right hand section.

    Bravura Security Fabric displays available resources in the document library.

    2347.png

    You can click the 3332.png icon next to the various folders to view privileges.

  4. Click the 3332.png icon next to Documents .

    The privileges are displayed on the right hand side.

    netres-sp-example-4-12.3

  5. Select a group that gives you the privileges you want.

  6. If required, type Requester notes .

    Requester notes are required if the IDR REQUIRES REASON NEWREQUEST option is enabled.

  7. Click Complete.

    Bravura Security Fabric enters the request into the authorization workflow.

The Workflow Manager Service routes the request to the selected group owner for authorization. After authorization is complete the Transaction Monitor Service runs a connector program that adds the user to the selected group on the target system and the user will have access to the Sales folder.

Request access to a printer

This use case demonstrates the process a user would follow to request access to a shared network printer.

Before a user can be granted access to a printer, the following is required:

  • A network printer has been shared and listed in Active Directory.

  • A printer is added to Bravura Security Fabric as a network resource.

  • Security has been set up on the printer using Active Directory groups.

  • The Active Directory groups used for security have owners.

  • The Run as checkbox has been selected for the administrator credentials for the Active Directory target system.

To request access to the document printer:

  1. From the main menu, click Request access to network resources in the My profile section.

    The Request access to network resources page appears.

    netres-printer-example-1

  2. Click Printers.

    Bravura Security Fabric displays available printers on the right hand side.

    netres-printer-example-2

  3. Select HID Example Printer.

    Bravura Security Fabric displays available printers on the network.

    netres-printer-example-3

    You can click the 3332.png icon next to the various printers to view privileges.

  4. Click the 3332.png icon next to HID example printer.

    The privileges are displayed on the right hand side.

    netres-printer-example-4

  5. Select the IT-Application Support group and click Continue.

    Bravura Security Fabric enters the request into the authorization workflow.

The Workflow Manager Service routes the request to the selected group owner for authorization. After authorization is complete the Transaction Monitor Service runs a connector program that adds the user to the selected group on the target system and the user will have access to the printer.

In this section: