Profile Management
Profiles define what actions an identity can perform on a resource. Profiles have profile details, associations with resource label conditions, permissions for resources, and policies. Users who have Manage permission for the resource can create profiles.
Creating an Access Profile
Administrators can create profiles for resources. Admins also need to provide labels to associate resources with the profile. Policies are associated with profiles to manage user access to resources. A profile's policies determine who is allowed to perform the checkout action on the resource.
- Log in to Britive with administrator privileges.
- Click on Admin -> Resource Manager -> Profile Management.
- Select associations from the drop-down list for grouping the resource profiles. After selecting the profile association, groups are created for each available value.
- Click on the Create Profile button to create a new profile.
- Enter the following on the Create Access Profile page:
  - Enter Name.
  - Enter Description (Optional).
  - Enter the Expiration Timeout in minutes. The profile is valid for this time.
  - Click Save.
- After the profile is created, enter the details in the following tabs to complete a profile:
  - Associations: Associate resource labels to a profile. Based on these resource labels, the resources are available for users to check out.
    - Add the Label Key and Values pair. One Label Key can have multiple values. When there are multiple associations, Label Keys are combined with AND, whereas the values of a single Label Key are combined with OR.
    - Click Save.
  - Permissions: Attach permissions to the profile.
    - Click Select Permission to select from a list of permissions. You can also choose a particular version of a permission. Only one permission is allowed per resource type.
      - Latest: Select Latest from the drop-down list to always use the latest version. If the permission is updated to a newer version, that version is picked up automatically.
      - Local: Users do not upload the files to Britive; the files are managed by the broker.
      - Current: The current permission version is used.
    - Enter the Variable values or select from the Britive system-defined variables.
    - Click Add.
    - Click on the Info icon to view the permission details. You can also edit variable values from this page. Click Save if there are any changes to the variable values.
  - Policies: Define which users can perform check-in and check-out. In the Add Policy tab, enter the following:
    - General
      - Enter the Policy Name.
      - Enter the description.
    - Members:
      - Users: Click Select Users and add one or more members for this policy.
      - Tags: Click Select Tags and add one or more tags for this policy.
      - Service identities: Click Select Service Identities and add one or more service identities for this policy.
    - Generic Conditions:
      - IP based: Select if you want access based on the IP addresses. Enter an IP address or a list of comma-separated IP addresses in the text box.
      - Time based: Select the Start and End Date/Time (date-time range) or Set Time Schedule for applying the policy.
    - Step-up Verification:
      - Select Yes to enable step-up verification for this policy. The user is prompted for an OTP to check out a profile if this option is enabled. The step-up verification validity is configured in the step-up verification validity settings in the Security tab. For more information, see Configuring Step-up Verification Validity.
      - Once step-up verification is enabled, you can choose (Yes/No) whether a previous successful verification can be reused for subsequently viewing secrets.
    - Approvals: Select whether the user needs approval to access a profile. Enter the following details if you select Approval Required as Yes:
      - Notifications: Select notification medium(s) using the Add Notification button. Notification mediums can be created beforehand in the Admin -> Global Settings section. For more details, see Creating and Managing Notification Mediums. Note: You can add only one Slack notification medium per policy.
      - Users: Select the users from the user list. A notification is sent to these users for approval.
      - Tags: Select the tags from the list.
      - Maximum time to Approve: Enter the time in Hours:Minutes format. The approval request expires if it is not approved within the specified time.
      - Approval Validity: Enter the number of days or hours for access validity after the request is approved.
    - Resource Labels: This configuration can restrict or approve resource access to a subset of resources. Resources are filtered based on the selected resource labels and resource key-value pairs. By default, all associations are shown in the policy and all resources are available to a user for profile check-out. Also, if approval is required for check-out, all resources need approval. To allow access to a particular resource or require approval only for selected resources, select the resource label key and click Edit to choose values. Click Save to save the selected resource label key-value pair(s).
    - Click Save and Enable after the configuration is complete.
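
The AND/OR rule for associations and the Resource Labels filter on a policy can be checked against a resource inventory before saving. The following is an added example, not Britive code and not part of the original article; it calls no Britive API. The label keys, values and resource names are constructed, and applying the same AND/OR rule to the policy filter is an assumption.

```python
# Added example: local model of the label-matching rule described above.
# Not Britive code; all resource names and labels are constructed sample data.

def matches(association, resource_labels):
    """Every label key must be satisfied (AND); any one of a key's
    values is enough (OR). A resource missing a key never matches."""
    if not association:
        # The page does not say how an empty association behaves,
        # so this model refuses to guess.
        raise ValueError("association has no label keys")
    return all(
        bool(set(values) & set(resource_labels.get(key, ())))
        for key, values in association.items()
    )

def in_scope(profile_assoc, inventory, policy_labels=None):
    """Names of resources the profile exposes for check-out.
    policy_labels models the policy's Resource Labels filter
    (assumed to follow the same AND/OR rule)."""
    names = []
    for name, labels in sorted(inventory.items()):
        if not matches(profile_assoc, labels):
            continue
        if policy_labels and not matches(policy_labels, labels):
            continue
        names.append(name)
    return names

# Constructed inventory: resource name -> label key -> set of values.
INVENTORY = {
    "db-prod-eu": {"env": {"prod"}, "region": {"eu"}, "engine": {"postgres"}},
    "db-prod-us": {"env": {"prod"}, "region": {"us"}, "engine": {"postgres"}},
    "db-stage-eu": {"env": {"stage"}, "region": {"eu"}, "engine": {"postgres"}},
    "vm-prod-eu": {"env": {"prod"}, "region": {"eu"}},  # no "engine" label
}

# Profile association: (env is prod OR stage) AND (engine is postgres).
PROFILE = {"env": ["prod", "stage"], "engine": ["postgres"]}
# Policy Resource Labels: narrow the profile's resources to region eu.
POLICY = {"region": ["eu"]}

if __name__ == "__main__":
    print("profile exposes:", in_scope(PROFILE, INVENTORY))
    print("policy narrows to:", in_scope(PROFILE, INVENTORY, POLICY))
```

Adding a value to an existing Label Key widens the set of matching resources, while adding another Label Key narrows it, so review the resulting resource list after each change to an association.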