Users can request access to an existing profile and associated policy or create their own profiles and then request access. Approvers get a notification after a profile is submitted for approval. A profile is ready for checkout after the request is approved.
- Click Request to request access to a profile of your choice or click on the View Profile icon against any profile and select Request.
- The Profile, Permissions, and Associations tabs display the read-only profile information.
- Select the Policies tab and from the list of policies click Select for a required policy. Only one policy can be selected for requesting access.
- Click Next.
- Enter Justification to be sent with the approval request.
- Click Submit. All approver(s) get a notification on the Britive UI as well as on the configured notification medium.
- Users can check the request status using the My Requests menu option from the navigation menu.
Creating a Profile
- At this point, you can continue the profile creation or save it as a draft to work on it later. Draft profiles without any updates are deleted after 30 days.
- Add permissions using the SELECT PERMISSION button. On the Add Permissions page, the applicable permissions are displayed for selection and are specific to each onboarded application. For example, for AWS, the user can add only one role per profile; for OCI, the user can add only groups. Also, a permission is displayed for selection only if it is available in all the selected associations.
- On the Add Permissions page, select the required permission, and click the + icon to add this permission.
  Note: Any changes made to profile associations after permissions are already added result in clearing such permissions and require re-configuring them.
[For AWS applications only] Britive-managed roles:
Administrators or users can create their own roles with the required AWS-managed policies or inline policies so that Britive profiles can be built using those permissions. These roles get provisioned in AWS after they are checked out from Britive.
- Click CREATE PERMISSION.
- Enter the following in the Create Role page:
- Select Existing Policy: Select from the listed policies. Click on the information icon to view the policy details.
- Create Inline Policy: Enter the Name and the Policy code in JSON format in the Create Policy page. Click Validate to validate the policy details.
- Add New Tag (Optional): Enter the Key and Value pair and click Add.
- Click Save.
- Britive-managed permissions are displayed with icon b, indicating that a role is Britive-managed.
- Enter the Justification to be sent with the approval request.
- Click Submit.
- Users can check the request status using the My Requests menu option from the navigation menu.