
Indirect group membership change causing rule violation

Some target systems support the concept of a nested group. A nested group is a group that is a member of another group. For example, in Active Directory you can add a group as a member of another group. The nested group then inherits the rights of the parent group.

Bravura Security Fabric also calls these groups parent groups and child groups. If an account is a member of a child group, it has what is called indirect membership in the parent group.

When requesting resources that have nested groups, your request might violate a SoD rule applied to a nested resource.
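The sketch below shows how such an indirect violation arises. It is an added example, not Bravura Security Fabric code, and it assumes a simple model in which an SoD rule is a pair of groups that one account may not hold together; all group names, the `PARENTS` map and the `SOD_RULES` list are constructed for illustration.

```python
from collections import deque

# Constructed sample data: child group -> parent groups it is a member of.
PARENTS = {
    "AP-Clerks": ["Finance-Payables"],
    "Finance-Payables": ["Payment-Approvers"],
    "Vendor-Admins": ["Vendor-Maintenance"],
}
# Constructed SoD rules: no account may hold both groups in a pair.
SOD_RULES = [("Payment-Approvers", "Vendor-Maintenance")]


def effective_groups(direct, parents=PARENTS):
    """Map each direct or indirect group to the membership path that grants it."""
    paths = {}
    queue = deque((g, [g]) for g in sorted(direct))
    while queue:
        group, path = queue.popleft()
        if group in paths:  # already reached; also stops on nesting cycles
            continue
        paths[group] = path
        for parent in parents.get(group, []):
            queue.append((parent, path + [parent]))
    return paths


def check_request(current, requested, rules=SOD_RULES, parents=PARENTS):
    """Return the SoD violations that adding `requested` would newly create."""
    before = effective_groups(current, parents)
    after = effective_groups(set(current) | {requested}, parents)
    violations = []
    for a, b in rules:
        if a in after and b in after and not (a in before and b in before):
            violations.append({
                "rule": (a, b),
                "paths": {a: after[a], b: after[b]},
                # True when either side is held only through nesting
                "indirect": len(after[a]) > 1 or len(after[b]) > 1,
            })
    return violations


if __name__ == "__main__":
    # The account holds Vendor-Admins and requests AP-Clerks (constructed case).
    for v in check_request({"Vendor-Admins"}, "AP-Clerks"):
        print(v)
```

Neither requested nor held group appears in the rule itself; the conflict exists only once both nesting chains are expanded, which is why the membership path is worth reviewing before approving an exception.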

The procedure for requesting an exception to a rule remains the same for indirect groups, except that indirect membership details are displayed on the Bravura Security Fabric wizard page.
