---
title: "Profile Management"
slug: "resource-profile-management"
updated: 2026-04-09T10:34:53Z
published: 2026-04-09T10:34:53Z
---

> ## Documentation Index
> Fetch the complete documentation index at: https://docs.britive.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Profile Management

Profiles define what actions an identity can perform on a resource. Profiles have profile details, associations with resource label conditions, permissions for resources, and policies. Users who have *Manage* permission for the resource can create profiles.

Creating an Access Profile

Administrators can create profiles for resources. Admins also need to provide labels to associate resources with the profile. Policies are associated with profiles to manage user access to resources. The profile policies are allowed to perform checkout actions on the resource.

1. Log in to Britive with administrator privileges.
2. Click on **System admin** **-> Resource Management -> Profile Management**.
3. Select associations from the drop-down list to group the resource profiles. After selecting the profile association, groups are created for each available value.
4. Click on the **Create Profile**button to create a new profile.
  1. Enter the following on the **Create Access Profile**page:
    1. Enter **Name**.
    2. Enter **Description** (Optional).
    3. Enter the following in the **Expiration** section of the page:
      1. Enter the expiration timeout in minutes.
      2. Check **Allow Extension** to extend resource profile checkout duration and enter the following values:
        - **Notification**: Time (in minutes) before expiration to show a popup prompting the user to extend the checkout.
        - **Duration**: Specifies the extension duration in minutes.
        - **Repeats**: Specifies the maximum number of times the checkout duration can be extended.
    4. Enable **Allow Impersonate** under **Impersonation Settings** to grant service/AI identities permission to act on behalf of users or tags.
    5. Click **Save**.
5. After the profile is created, enter the details in the following tabs to complete a profile:
  - **Associations**: Associate resource labels to a profile. Based on these resource labels, the resources are available for users to check out.
    1. Add the **Label Key** and **Values** pair. One Label key can have multiple values. In the case of multiple associations, Label Keys are operated as **AND** whereas the values of a Label Key are operated as **OR**.
    2. Click **Save**.
  - **Permissions**: Attach permissions to the profile.
    1. Click **Select Permission**to select from a list of permissions. You can also choose a particular version of permission. Only one permission is allowed per resource type.
      - **Latest**: Select **Latest** from the drop-down list to select the latest version every time. If this permission is updated to a newer version, that one is picked up automatically if the **Latest** is selected.
      - **Local**: The users do not upload the files in Britive, and they are managed by the broker.
      - **Current**: The current permission version is used.
    2. Enter the variable values or select from the Britive system-defined variables.
    3. Click **Add**.
    4. Click on the Info icon to view the permission details. You can also edit variable values from this page. Click **Save** if there are any changes to the variable values.
  - **Policies**: Mapping, which users can perform check-in or check out.
    - **Policy Prioritization**: Administrators can set the priority of policy evaluation by enabling this feature. Prioritizing policies may change the policy execution, existing access, and/or approval conditions for affected identities. Policies can be prioritized by dragging and dropping them from a list of policies, and the policy execution order is as shown on the UI. If this feature is disabled, system default policy evaluation is applied.
    - Click on the **Add Policy** button to add a new policy:
      - **General**
        - Enter the **Policy Name**.
        - Enter the description.
      - **Members:**
        - **Users**: Click **Select Users**and add one or more members for this policy.
        - **Tags**: Click **Select Tags** and add one or more tags for this policy.
        - **Service identities**: Click **Select Service Identities** and add one or more service identities for this policy.
      - **Generic Conditions**:

        - IP based: Select if you want access based on the IP addresses. Enter an IP address or a list of comma-separated IP addresses in the text box.
        - Time based: Select the **Start and End Date/Time****Date-time range** or **Set Time Schedule** for applying the policy.
      - **Step-up Verification:**
        - Select **Yes** to enable step-up verification for this policy. The user is prompted for OTP to check out a profile if this option is enabled. The step-up verification validity is configured in the step-up verification validity settings in the **Security** tab. For more information, see [Configuring Step-up Verification Validity](/v1/docs/mfa-settings#configuring-stepup-verification-validity).
        - Once step-up verification is enabled, you can check (Yes/No) if the previous successful verification can be used for subsequent viewing of secrets.
      - **Approvals**: Select whether the user needs approval to access a profile. Enter the following details if you select **Approval Required** as **Yes:**

        - **Notifications:** Select notification medium(s) using the **Add Notification** button. Before use, notification mediums can be created in the **Admin**->**Global Settings** section. For more details, see [Creating and Managing Notification Mediums](/v1/docs/notification-medium).
          - **Slack** or **Slack Application:**
            - (Optional) Specify the Slack Channel ID:
              1. To find the Slack Channel ID:
                1. Right-click on the Slack channel you want to use.
                2. Select **View Channel Details**.
                3. Scroll to the bottom to find the Channel ID.
              2. Click **Validate Channels**to validate the listed channels. Ensure you have integrated the Britive app with channels (private/public) before validating them. For more information about integrating the app, see [Configuring Slack App](https://docs.britive.com/docs/configuring-slack-app).Note:You can add only one Slack notification medium per policy.
          - **Teams** **Application:**
            1. (Optional) Specify the Team Name:
              1. To find the channels:
                1. Go to the Teams client.
                2. Select the Teams for which you want the list of channels.
                3. Click on **See all channels** to get the list of channels.
            2. Click **Validate Channels**to validate the listed channels.****
        - **Manager Approval Settings:**Select Manager Approval if you want the requester's manager as an approver. You can select one of the following:
          - **Manager OR Approvers**: The manager or the approvers approve/reject the request.
          - **Manager AND Approvers**: The manager and approvers must approve/reject the request.
          - **Manager Only**: Only the requester's manager can approve/reject the request. You cannot select individual users or tags as approvers.****
        - **Users:**Select the users from the list.
        - **Tags**: Select the tags from the list.
        - **Maximum time to Approve:**Enter the time in *Hours:Minutes* format. The approval request expires if it is not approved within the specified time.
        - **Approval Validity**: Enter the number of days or hours for access validity after the request is approved. Approval validity time must be between 1 and 30 days.
      - **Resource Labels**: This configuration can restrict or approve resource access to a subset of resources. Resources get filtered based on the selected resource labels and resource key-value pair. By default, all associations are shown in the policy, and all resources are available to a user for profile check-out. Also, if approval is required for check-out, all resources need approval. To allow access to a particular resource or require approval only for selected resources, select the resource label key and click **Edit** to choose values. Click **Save** to save the selected resource label key-value pair(s).
    - Click **Save and Enable**after the configuration is complete.
  - **Advanced Settings:**All profile advanced settings by default are inherited from the application settings. If you want to configure it for a profile, see [Advanced Settings](/v1/docs/itsm-integration-settings). Click **Reset**if you want to reset the configuration back at the application level.