Resource types are used to define resources. For example, a resource type can be a database, a Linux server, or different flavors of databases (e.g., MySQL, Oracle) or servers (e.g., RHEL, Ubuntu). You can configure a common set of fields for every resource, such as credentials or a database URL. The resource type is used as a template for all similar resources. You can create multiple resources of a particular resource type.
Account Discovery
Account discovery enables Britive to identify system accounts and groups from remote environments such as Linux, Windows, databases, and Active Directory services. The Access Broker is enhanced to support a scan mechanism using discovery scripts. It executes the script and displays the accounts, groups, and group memberships in the Britive platform.
For account discovery, resource types must be configured on Britive with a discovery script and optional scheduling configuration. The resources must be onboarded on Britive before discovery.
Scans can be scheduled to run every 24 hours or can be triggered manually. Scans are scheduled for all resource types, or resources can be filtered by resource labels. The resource scan progress and the scan data can be monitored at the resource level.
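The following Python example is added here and is not Britive's own script. It shows the inventory a Linux discovery script has to build (accounts, groups, and group memberships), including primary-group memberships, which appear only in the passwd GID field. The function names, the output layout, and the sample data are assumptions; this page does not specify the format the Access Broker expects.

```python
import json

# Constructed sample input in /etc/passwd and /etc/group format (not real data).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:100:Bob:/home/bob:/bin/sh
broken:x:notanumber
"""
SAMPLE_GROUP = """\
root:x:0:
users:x:100:alice
sudo:x:27:alice,bob
alice:x:1000:
"""


def _records(text, min_fields):
    """Yield colon-split records, skipping blanks, comments and short lines."""
    for line in text.splitlines():
        parts = line.strip().split(":")
        if not parts[0].startswith("#") and len(parts) >= min_fields:
            yield parts


def discover(passwd_text, group_text):
    """Return accounts, groups and memberships as one inventory dict."""
    groups, members, accounts = {}, {}, []
    for name, _pw, gid, user_list in (r[:4] for r in _records(group_text, 4)):
        if gid.isdecimal():
            groups[int(gid)] = name
            members[name] = {u for u in user_list.split(",") if u}
    for rec in _records(passwd_text, 7):
        name, uid, gid, shell = rec[0], rec[2], rec[3], rec[6]
        if not (uid.isdecimal() and gid.isdecimal()):
            continue
        accounts.append({"name": name, "uid": int(uid), "shell": shell})
        # The primary group comes from the passwd GID field and is usually
        # absent from the group file's member list, so add it explicitly.
        if int(gid) in groups:
            members[groups[int(gid)]].add(name)
    return {"accounts": accounts, "groups": sorted(members),
            "memberships": {g: sorted(m) for g, m in sorted(members.items())}}


if __name__ == "__main__":
    print(json.dumps(discover(SAMPLE_PASSWD, SAMPLE_GROUP), indent=2))
```

On a real host the two inputs would be read from /etc/passwd and /etc/group; accounts served by a directory service do not appear in those files and need their own source.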
Secret Rotation
Secret rotation allows users to change (rotate) a secret, for example, a password or an API key, and update the target resource with the new value. The target resources must be onboarded on Britive. These resources are discovered using the scripts from the account discovery.
Creating a Resource Type
Log in to Britive.
Click on Admin->Resource Management->Resource Types.
Click the Create Resource Type button to create a new resource type.
Enter the Name and Description of a resource type.
Add an icon for the resource type that is displayed in the UI. Only the *.svg format is accepted.
Click Save.
Configure the respective parameters in the following tabs:
Fields:
Click Add Field to add properties of a resource type in the Fields tab:
Enter the Name of the field.
Select the Field Type.
Select if this field is mandatory.
Click Add.
Permissions:
Click the Create Permission button to create a permission that this resource type supports. You can use these permissions while creating a profile. Every update to a permission creates a newer version of it. After creating a permission, you can keep it in draft mode or save it to enable it immediately. You can keep updating the permission in draft mode. The users control the permissions and what happens after a certain profile is checked out.
Enter the Name and Description for the permission.
Click Create.
Checkout or Checkin: Enter the details about the actions to be executed after a checkout or checkin of a profile.
Insert Code:
Select a language from the drop-down list.
Enter the actions/script in the in-line editor text box.
Notes:
Checkout and checkin must use the same command mode: both must be either Insert Code or Add File.
For the Insert Code selection, the same language must be used for both checkout and checkin.
Changing the mode or language in one tab also changes it in the other.
Add File: Upload a file that indicates the permissions required for this resource type. The user is responsible for this script; it could be a Python script, Unix commands, etc. Uploading a file depends on whether it needs to be used as a local or remote permission.
Variables: Add one or multiple variables to be used in the script, as the script can be used for multiple users for different resources.
Time Limit: Enter the time limit in minutes. This specifies the time required for the script to execute on a server. The maximum time allowed is 15 minutes.
Response Templates:
Show Original Credentials: Show/hide original credentials under My Resources programmatic access.
Click the Add Templates button to view and add response templates. Select the templates based on the response expected from the profile checkout. Every permission version can have more than one response template associated with it. For more information about creating and managing response templates, see Response Templates.
Rotation Templates: A rotation template decides how to rotate the secret.
Rotation Enabled or Rotation Disabled: Enable or disable the secret rotation for all resources and rotation templates based on the resource type.
Click Create Template to create a rotation template:
Enter the name and description of the template and click Create.
Template: Enter the details about the script that needs to be executed for secret rotation.
Local: Select if the script is located at the same system where the access broker is installed.
Insert Code: This is the script for the scan process.
Select a language from the drop-down list.
Enter the actions/script in the in-line editor text box.
Add File: Upload a file manually that is executed for the scan process.
Variables: Add one or multiple variables to be used in the script, as the script can be used for multiple users for different resources.
Time Limit: Enter the time limit in minutes. This specifies the time required for the script to execute on a server. The maximum time allowed is 15 minutes.
Scan Settings: Configure scan details and scan scripts that need to be executed for the resource discovery.
Enter the Timeout, in minutes, for which the script is allowed to run. The maximum time allowed is 60 minutes.
Script:
Local: Select if the script is located at the same system where the access broker is installed.
Insert Code: This is the script for the scan process.
Select a language from the drop-down list.
Enter the actions/script in the in-line editor text box.
Add File: Upload a file manually that is executed for the scan process.
Click the Scan button to scan for resources manually. This button is enabled after configuring scan settings. It scans all the resources for this resource type. Select the resource label for filtering resources based on the resource labels. The scan results and the resources are displayed under the Scans tab under Resources.
Schedule Scan: You can schedule scan frequency and also filter resources based on resource labels.
Scan Name
Frequency:
Daily at time in IST
Weekly: Day of week at time in IST
Monthly: Day of Month at time in IST
Label Key, Value
Click Save.
To update the description or the options under the Commands tab of an existing permission, create a new version of the permission using the Create Version button. Update the required details and click Save.