Resolve enforcement violations
The following example procedure describes how to resolve enforcement violations when changing group membership is requested and would cause the recipient to be in surplus and deficit violation.
If surplus and deficit violations are detected, Bravura Security Fabric adds a wizard page to Resolve enforcement violations.
To resolve a surplus violation, click:
Request role to open the wizard that lists roles that require the entitlement in question, select a role, then click Accept to request the selected role.
Roles that include the entitlement as a legacy entitlement will not be listed.
Request exception to allow the user to keep the excess entitlement.
Remove to remove the excess entitlement.
Undo to bring back the three action buttons: Request exception, Remove, and Request role.
To resolve a deficit violation, click:
Request exception to allow the user to keep the role with the missing entitlement.
Add to allow the user to add the missing entitlement.
Remove role to remove the role corresponding to the missing entitlement.
Undo to bring back the three action buttons: Request exception, Add, and Remove role.
After every violation is resolved, click Submit to submit the request. Authorization may be required, depending on configuration.
If there are no deficits, and the last step in the request results in a surplus, the request is automatically submitted with the default action for a surplus. The user does not see the Resolve enforcement violations page in this case. For example, assuming:
Role1 includes group1
UserA has no deficits, does not belong to Role1, and is not a member of group1
UserA navigates to the Join or leave groups page.
The page includes a Submit button, and no Next button.
UserA selects group1.
UserA clicks Submit .
Bravura Security Fabric submits the request for group membership for group1, and an exception for a surplus violation.