Handling account attributes
You can view the complete list of attributes that Bravura Security Fabric can manage, including native and pseudo-attributes, in the Manage the system (PSA) module. To do this, select RSA Access Manager from the Manage the system > Resources > Account attributes menu. For information about the native Access Manager attributes managed by Bravura Security Fabric, consult your Access Manager documentation.
Bravura Security Fabric can also manage entitlements to Access Manager-protected applications. For example, if the following entitlements are set for a user on the RSA Access Manager server:
Access | Resource | Resource Type | Server | Application |
---|---|---|---|---|
Allow Access | testapp | application | testapp | |
Allow Access | /qaappurl | url | testserver | qaapp |
Allow Access | <web>testweb2/* | url | testserver2 | testapp2 |
Deny Access | testfunction | function | qaapp | |
You would use the following format when adding or updating a user’s entitlements:
"<Resource Type>""<Application>""<Resource>""<Server>""<Access>"
Applying this format to the above example would result in the following entries:
"app""testapp""testapp""""true"
"url""qaapp""/qaappurl""testserver""true"
"url""testapp2""<web>testweb2/*""testserver2""true"
"function""qaapp""testfunction""""false"
The available resource types for entitlements are app, url, and function.
When creating a profile attribute for entitlements, ensure that you set:
The Maximum allowed number of values option to either -1 or a value high enough to support the maximum number of entitlements allowed for the user.
The Maximum field length option to a high enough value to support the size of each of the entitlement values.
When assigning a new entitlement to a user using a profile attribute, ensure that the value of the attribute follows the format shown above, and that the entitlement already exists on the RSA Access Manager server.
The same requirements also apply when you are updating an existing entitlement.
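The entitlement value format and the Maximum field length check described above, as an added Python example (not part of Bravura Security Fabric or its documentation). The function names, the `max_len` parameter and the refusal of embedded double quotes are assumptions, since the page defines no escaping rule.

```python
import re

# Resource types listed on this page for entitlement values.
RESOURCE_TYPES = {"app", "url", "function"}
# Five double-quoted fields, back to back, with no separators.
_ENTRY = re.compile(r'"([^"]*)"' * 5)


def format_entitlement(rtype, application, resource, server="", allow=True,
                       max_len=None):
    """Build "<Resource Type>""<Application>""<Resource>""<Server>""<Access>"."""
    if rtype not in RESOURCE_TYPES:
        raise ValueError(f"unknown resource type: {rtype!r}")
    fields = [rtype, application, resource, server, "true" if allow else "false"]
    for f in fields:
        # Assumption: the page defines no escaping, so embedded quotes are refused.
        if '"' in f:
            raise ValueError(f"double quote not allowed in field: {f!r}")
    value = "".join(f'"{f}"' for f in fields)
    # max_len is a hypothetical parameter mirroring "Maximum field length".
    if max_len is not None and len(value) > max_len:
        raise ValueError(f"value is {len(value)} chars, limit is {max_len}")
    return value


def parse_entitlement(value):
    """Split one value back into its five fields, rejecting malformed input."""
    m = _ENTRY.fullmatch(value)
    if m is None:
        raise ValueError(f"not a five-field entitlement value: {value!r}")
    rtype, application, resource, server, access = m.groups()
    if rtype not in RESOURCE_TYPES:
        raise ValueError(f"unknown resource type: {rtype!r}")
    if access not in ("true", "false"):
        raise ValueError(f"access must be true or false: {access!r}")
    return {"type": rtype, "application": application, "resource": resource,
            "server": server, "allow": access == "true"}


if __name__ == "__main__":
    # The four entitlements from the example table on this page.
    for args in [("app", "testapp", "testapp", "", True),
                 ("url", "qaapp", "/qaappurl", "testserver", True),
                 ("url", "testapp2", "<web>testweb2/*", "testserver2", True),
                 ("function", "qaapp", "testfunction", "", False)]:
        print(format_entitlement(*args))
```

Validating values before they are written to the profile attribute catches the table's `application` label being used in place of the `app` type, and values that would exceed the configured field length.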
Only the management of user entitlements is supported. Management of entitlements assigned to groups is not supported.