
Setting global role enforcement options

To enable and configure RBAC default behavior:

  1. Click Manage the system > Resources > Options

  2. In the RBAC AUTO PROPAGATE REQUESTER field, type the profile ID of the requester to use when automatically issuing enforcement violation requests.

    It is recommended that you create a product administrator with specific privileges for this.

  3. Select RBAC ENFORCEMENT ENABLED to enable role enforcement.

    Enforcement rules for resources will not take effect until you do this.

  4. If you want to change the default behavior of rbacenforce, set the options listed in Table 1, “Role based access control options”, as required.

  5. If you want to trigger external programs when RBAC events occur, configure the event options listed in Table 2, “Role-based access control events that launch interface programs”.

  6. Click Update at the bottom of the form.

Table 1. Role based access control options

| Option | Description |
|---|---|
| RBAC DEFICIT DEFAULT ACTION | Select the default action for resolving situations where a user does not have enough entitlements: • Add resource if the user should automatically be assigned missing entitlements. • Request exception if the user may be allowed an exception to the rule. |
| RBAC ENFORCEMENT LIMIT CHECK | To limit the load on the system, type the maximum number of users that the rbacenforce program should list during <UPDATE>. The default is 1000. |
| RBAC ENFORCEMENT LIMIT LIST | To limit the load on the system, type the maximum number of violations that the rbacenforce program should list during auto discovery. The default is 100. |
| RBAC ENFORCEMENT NIGHTLY LIST | The rbacenforce program runs during auto discovery. Disable this option if you want to run the program manually. |
| RBAC ENFORCEMENT NIGHTLY SUBMIT | When rbacenforce finds violations during auto discovery, it automatically submits enforcements to the Bravura Security Fabric request workflow system. Disable this option if you want to submit requests manually. |
| RBAC SURPLUS DEFAULT ACTION | Select the default action for resolving situations where a user has too many access privileges: • Remove resource if the surplus entitlement should be automatically removed from the user. • Request exception if the user may be allowed an exception to the rule. |