Skip to main content

Resource attribute groups

A resource attribute group is a named collection of resource attributes. You can configure resource attribute groups to include resource attributes on the resource definition pages for:

  • Target systems

  • Template accounts

  • Roles

  • managed group s

  • Managed systems

  • Managed accounts

  • Account group memberships

  • Computer group memberships

  • Child group memberships

  • Role memberships

  • SoD rules

You must also configure access controls to determine who can read and write resource attribute values.

Getting started

Requirements

Before you add a resource attribute group:

  • You require the Manage resources administrative privilege in order to access the Resource attribute groups menu item.

Navigation steps

Use the Resource attribute group definition page to add and configure resource attribute groups. To navigate to this page:

  1. Click Manage the system > Resources > Resource attribute groups.

  2. To define a:

    • New resource attribute group – click Add new....

    • Existing resource attribute group – search for, or select the resource attribute group you want to view or modify.

Built-in resource attribute groups

The following attribute groups are included in Bravura Security Fabric :

GROUP_INFO_CREATE

Group information used in create group operations.

GROUP_INFO_UPDATE

Group information used in update group operations.

SOD_EXCEPTION_EXPIRY

Expiry settings for requested exceptions to SoD rules.

ROLE_VALIDITY

Defines the start and end times for role entitlements.

Creating resource attribute groups

To create a resource attribute group:

  1. Navigate to the Resource attribute group definition page .

  2. Type a unique ID and Description.

  3. Select one or more resource types to which you want to apply this group.

  4. Click Add.

Adding attribute group members

To add resource attributes to a resource attribute group:

  1. From the Resource attribute group definition page , click the Members tab.

  2. Click Select… to see a list of all resource attributes.

  3. Select or enable the checkboxes next to the resource attributes you want to include.

  4. Click Select .

To remove resource attributes from the resource attribute group, enable the checkbox next to the resource attribute and click Delete. If required confirm your actions .

Assigning read and write permissions

There must be at least one user group defined for Access to resource attributes before you can assign read and write permissions for a resource attribute group.

To add a user group to control access to resource attribute groups:

  1. Click Manage the system > Security > Access to resource groups.

  2. Click Add new…

  3. Type a unique ID and Description.

  4. Click Add.

  5. Select the Membership Criteria tab.

  6. Select or create user classes to define membership criteria.

Membership of non-built-in user classes can be cached to improve performance. There are options to recalculate or invalidate the cache on the user class configuration page.

Note

In a replicated environment, cache recalculation can only be performed on the instance which runs psupdate.

After you have defined user groups, you can assign read and write permissions for a resource attribute group, either from the User group information page, or the Resource attribute group definition page:

  1. Select the Access control tab.

  2. If required, search to refine the list of groups displayed on the page.

  3. Select Read and Write checkboxes as required.

    By default, the checkboxes indicate allowed permissions. If Bravura Security Fabric is configured to display Allow and Deny columns, ensure that you select checkboxes in the appropriate columns.

  4. Click Update.

If you require product administrators to be able to edit attributes, you must assign them both read and write permissions.

Determining how attributes are displayed

To determine how the group’s attribute fields are displayed to users:

  1. From the Resource attribute group definition page , click the Display criteria tab.

  2. Determine the Display type. Select:

    • Main – to display the group and its attributes on the main resource definition page.

    • Subsidiary – to display the group’s attributes on a subsidiary page.

    • None – to hide the group and its attributes from users.

  3. Click Update.

To determine the order in which resource attributes within a group are listed:

  1. From the Resource attribute group definition page , click the Members tab.

  2. Drag and drop one of the double direction arrows in the ID field to change the resource attributes’ order in the list.

  3. Click Update.

Determining attribute group display order

To determine the order in which attribute groups are displayed to users:

  1. Click Manage the system > Resources > Resource attribute groups.

  2. Click Order....

  3. Drag and drop one of the double direction arrows in the ID field to change the attribute groups’ order in the list.

  4. Click Update.

    Bravura Security Fabric saves the changes to the attribute groups’ order.

In this section: