Britive platform release 2026.04.01 is now live in production.

Creating and Managing Policies

Prev Next

Creating a Policy

  1. Log in to Britive.

  2. Click on System Admin->Secret Management->Britive Vault.

  3. Select the node where the policy needs to be created.

  4. Click on the Policies tab. You can also select Add Policy from the overflow menu of a particular node.

  5. Click on the Add Policy button to add a new policy and enter the following:

    • General

      • Enter the Policy Name.

      • Enter the description (optional).

      • Access Type: Select either Allow or Deny.

      • Include all resources in the hierarchy below the resource path?

    • Members: 

      • Users: Click Select Users and add one or more members for this policy.

      • Tags: Click Select Tags and add one or more tags for this policy.

      • Service identities: Click Select Service Identities and add one or more service identities for this policy.

      • AI identities: Click Select AI Identities and add one or more AI identities for this policy.

      • API tokens: Click Select API Tokens and add one or more API tokens for this policy.

    • Permissions

      • Access Level: The user gets access to the secrets based on the following: 

        • View

        • Create, Edit

        • Manage

    • Generic Conditions

      • IP based: Select if you want access based on the IP addresses. Enter an IP address or a list of comma-separated IP addresses in the text box.
      • Time based: Select the Start and End Date/TimeDate-time range or Set Time Schedule for applying the policy.

    • Step-up Verification: 

      • Select Yes if step-up verification is required for this profile. The user is prompted for input based on the configured MFA for viewing secret details if this option is selected. The step-up verification validity is configured in the step-up verification validity settings in the Security tab. For more information, see Configuring Step-up Verification Validity

      • Once step-up verification is enabled, you can check (Yes/No) if the previous successful verification can be used for subsequent viewing of secrets.

    • Approvals: Select whether the user needs approval to access a profile. Enter the following details if you select Approval Required as Yes

      • Notifications: Select notification medium(s) using the Add Notification button. Before use, notification mediums can be created in the Admin->Global Settings section. For more details, see Creating and Managing Notification Mediums
        • Slack or Slack Application:
          • (Optional) Specify the Slack Channel ID:
            1. To find the Slack Channel ID:
              1. Right-click on the Slack channel you want to use.
              2. Select View Channel Details.
              3. Scroll to the bottom to find the Channel ID.
            2. Click Validate Channels to validate the listed channels. Ensure you have integrated the Britive app with channels (private/public) before validating them. For more information about integrating the app, see Configuring Slack App.
              Note:
              You can add only one Slack notification medium per policy.
        • Teams Application:
          1. (Optional) Specify the Team Name:
            1. To find the channels:
              1. Go to the Teams client. 
              2. Select the Teams for which you want the list of channels.
              3. Click on See all channels to get the list of channels.
          2. Click Validate Channels to validate the listed channels.
      • Manager Approval Settings: Select Manager Approval if you want the requester's manager as an approver. You can select one of the following:
        • Manager OR Approvers: The manager or the approvers approve/reject the request.
        • Manager AND Approvers: The manager and approvers must approve/reject the request.
        • Manager Only: Only the requester's manager can approve/reject the request. You cannot select individual users or tags as approvers.
      • Users: Select the users from the list.
      • Tags: Select the tags from the list.
      • Maximum time to Approve: Enter the time in Hours:Minutes format. The approval request expires if it is not approved within the specified time.
      • Approval Validity: Enter the number of days or hours for access validity after the request is approved. Approval validity time must be between 1 and 30 days.

  6. Click Save and Enable after all the configuration is done.

Managing Policies

You can edit/enable/disable/delete a policy.

  1. Log in to Britive.

  2. Click on System admin->Secret Management->Britive Vault.

  3. Click on the Policies tab.

  4. Select the action for the policy to be managed.

    • Manage Policy: You can edit some parts of the policy after creating a policy. You can edit the secret name, description, and secret details based on the selected secret template.

    • Enable/Disable Policy: You can enable or disable a particular policy created by you.

    • Delete: Delete any policy created by you. A user can not delete predefined policies.

© 2024 Britive Inc. All Rights Reserved.