
Targeting groups

You can restrict Bravura Security Fabric to list only those users, groups and computer objects that exist in one or more named groups. To do this, on the Target system address configuration page, specify:

  • Groups to list users from

  • Groups to list member groups from

  • Groups to list computers from

These fields accept multiple values. To enter multiple values, select List from the drop-down list box displayed in front of these fields, and use the More button to add input boxes when there is more than one value. The value in each input box is treated as a single value, for example:

  • CN=IT,OU=Groups,DC=domain,DC=local

  • OU=Groups,OU=IT,DC=domain,DC=local

  • OU=Computers,OU=IT,DC=domain,DC=local

If there are many groups to list, you can put all of the groups in a file. To use the file, select the File option from the drop-down list and specify the file name in the field.

These files must be located in the \<instance>\script\ directory and contain a list of groups to list from. They cannot be combined into one file and must be separate.

For listing users from groups:

    # KVGROUP-V2.0
    listGroups = {
      "CN=IT,OU=Groups,DC=domain,DC=local";
      "CN=Sales,OU=Groups,DC=domain,DC=local";
      "CN=Finance,OU=Groups,DC=domain,DC=local";
    }

For listing member groups from groups:

    # KVGROUP-V2.0
    listGroupGroups = {
      "OU=Groups,OU=IT,DC=domain,DC=local";
      "OU=Groups,OU=Sales,DC=domain,DC=local";
      "OU=Groups,OU=Finance,DC=domain,DC=local";
    }

For listing computers from groups:

    # KVGROUP-V2.0
    listComputerGroups = {
      "OU=Computers,OU=IT,DC=domain,DC=local";
      "OU=Computers,OU=Sales,DC=domain,DC=local";
      "OU=Computers,OU=Finance,DC=domain,DC=local";
    }

The Active Directory DN connector will not list any group if the group file is empty.

By default, if a group list includes invalid groups, the list will return success. You can cause the listing to abort when invalid groups are detected by setting Abort listing when an invalid group is encountered.
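Because an empty or mistyped group file does not fail the listing by default, it is worth checking the files before they are placed in the script directory. The following is an added example, not Bravura Security code: it assumes the file grammar is exactly what the samples on this page show and uses a simplified DN shape, and the name lint_group_file is hypothetical. It checks syntax only and cannot tell whether a group exists in the directory.

```python
import re

HEADER = "# KVGROUP-V2.0"
# Simplified DN shape (assumption): attr=value parts, no escaped commas.
RDN = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=[^,=]+$")

# Constructed samples: GOOD follows the page; BAD mixes two lists in one file,
# contains a value that is not a DN, and leaves one list empty.
GOOD = '''# KVGROUP-V2.0
   listGroups = {
     "CN=IT,OU=Groups,DC=domain,DC=local";
     "CN=Sales,OU=Groups,DC=domain,DC=local";
   }
'''
BAD = '''# KVGROUP-V2.0
   listGroups = {
     "CN=IT,OU=Groups,DC=domain,DC=local";
     "IT Admins";
   }
   listComputerGroups = {
   }
'''


def lint_group_file(text, expected_key):
    """Return a list of problems found in one group list file."""
    problems = []
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not lines or lines[0] != HEADER:
        problems.append("first line is not %r" % HEADER)
    body = "\n".join(ln for ln in lines if not ln.startswith("#"))
    blocks = re.findall(r"(\w+)\s*=\s*\{(.*?)\}", body, re.S)
    found = [key for key, _ in blocks]
    if found != [expected_key]:
        problems.append("expected only %r, found %r" % (expected_key, found))
    for key, inner in blocks:
        entries = re.findall(r'"([^"]*)"', inner)
        if not entries:
            problems.append("%s is empty: no group would be listed" % key)
        for dn in entries:
            if not all(RDN.match(part.strip()) for part in dn.split(",")):
                problems.append("%s: malformed DN %r" % (key, dn))
    return problems


if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, lint_group_file(sample, "listGroups"))
```

Pass the key that matches the field the file will be attached to, so a file meant for one field is not silently used for another.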

Listing group membership recursively

You can recursively list all users and computers contained in groups specified by the "Groups to list …" options.

To list user and computer objects recursively, select the List nested groups option.

If specified, the connector recursively searches for groups managed by the groups specified in the address, then constructs a user list search based on all groups.

If not specified, only immediate members of a specified group are listed.

Listing managed group membership recursively

You can recursively list users’ group membership for groups contained within groups specified by the Groups to list users from option. To list group membership recursively, select the List members for nested groups option.

If selected, the connector recursively searches for groups managed by the groups specified in the address, then constructs a user list search based on all managed groups.

If not selected, only immediate members of a specified group are listed.

Depending on the version of Bravura Security Fabric you have installed, you may need to list groups and group managers in flattened form if nested groups are not supported. Bravura Security Fabric versions 9.0.1 or earlier do not support nested groups.

To list nested groups recursively in flattened form, select When listing group members and managers, list groups as their individual user members.

If selected, the list of groups constructed will list all the immediate members of the specified group and all the members of the groups nested within the specified group.

Caution

If your Bravura Security Fabric version does support nested groups (9.0.2 or later), the use of the listFlatGroups option is strongly discouraged.