Access Builder

    Users can request access to an existing profile and associated policy or create their own profiles and then request access. Approvers get a notification after a profile is submitted for approval. A profile is ready for checkout after the request is approved. 

    1. Log in to Britive.
    2. Click on Access Builder from the navigation menu.
    3. Select an application from the list of applications. 
    4. Select an existing profile, clone an existing profile using the Clone profile icon in front of it, or create a profile as described in Creating a Profile.
    5. Click Request to request access to a profile of your choice, or click the View Profile icon next to any profile and select Request.
      1. Profile, Permissions, and Associations tabs display the read-only profile information.
      2. Select the Policies tab and from the list of policies click Select for a required policy. Only one policy can be selected for requesting access.
      3. Click Next.
      4. Enter Justification to be sent with the approval request. 
      5. Click Submit. All approver(s) get a notification on the Britive UI as well as on the configured notification medium.
    6. Users can check the request status using the My Requests menu option from the navigation menu.

    Creating a Profile

    1. Log in to Britive.
    2. Click on Access Builder from the navigation menu.
    3. Select an application from the list of applications. 
    4. Click on CREATE PROFILE to create a new profile or click the Clone profile icon in front of a profile to clone an existing profile. 
      1. Enter the following in the General section of the page:
        1. Enter Name.
        2. Enter Description (Optional).
        3. Check the Use Default App Console URL to use the default application console URL or enter a Console URL as needed. The user is directed to a specified console URL instead of the default landing page of an onboarded application.
      2. Enter the following in the Expiration section of the page:
        1. Enter the Expiration Timeout value in minutes. Users can select the maximum profile expiration timeout NOT exceeding the time mentioned in Access Builder Settings.
      3. Click DONE.
    5. At this point, you can continue the profile creation or save it as a draft to work on it later. Draft profiles without any updates are deleted after 30 days.
    6. Edit the association selection in the Associations tab. Users can select only associations configured in Access Builder Settings by an administrator. This tab varies as per the application.
    7. Add permissions using the SELECT PERMISSION button. On the Add Permissions page, the applicable permissions are displayed for selection and are specific to each onboarded application. For example, for AWS the user can add only one role per profile, and for OCI the user can add only groups. A permission is displayed for selection only if it is available in all the selected associations.
      1. On the Add Permissions page, select the required permission, and click the + icon to add this permission.
        Note:
        Changing profile associations after permissions have been added clears those permissions, and they must be configured again.
    8. [For AWS applications only] Britive-managed roles:

      Administrators or users can create their own roles with the required AWS-managed policies or inline policies so that Britive profiles can be built using those permissions. These roles get provisioned in AWS after they are checked out from Britive.

      1. Click CREATE PERMISSION.
      2. Enter the following in the Create Role page:
        1. Name
        2. Description
        3. Permissions:
          1. Select Existing Policy: Select from the listed policies. Click on the information icon to view the policy details.
          2. Create Inline Policy: Enter the Name and the Policy code in JSON format in the Create Policy page. Click Validate to validate the policy details.
        4. Add New Tag (Optional): Enter the Key and Value pair and click Add.
        5. Click Save.
      3. Britive-managed permissions are displayed with icon b, indicating that a role is Britive-managed.
    9. Add policies using the Add Policy button. A user can create a policy to select which users can use the profile and whether approval is required before the profile can be checked out.
      1. Enter the following in the Add Policy pages:
        • General
          • Enter the Policy Name.
          • Enter the Description (Optional).
        • Members:  
          • Users: Add selected users for this policy by clicking on Add Users.
          • Tags: Add selected tags for this policy by clicking on Add Tags.
          • Service identities: Add selected service identities for this policy by clicking Add Service Identities.
            Notes:
            • If a requester does not add any members to the policy (policy saved as a draft) then the requester is added to the policy and the policy is enabled upon approval.
            • If a requester adds the member(s) to the policy while creating a policy, the policy is enabled only for those members. In this case, the requester is not added to the policy automatically.
        • Generic Conditions
          • IP based: Select if you want access based on the IP addresses. Enter an IP address or a list of comma-separated IP addresses in the text box.
          • Time based: Select the Start and End Date/Time range or Set Time Schedule for applying the policy.
        • Approvals: Select whether the user needs approval to access a profile. Enter the following details if you select Approval Required as Yes:
          • Notifications: Select notification medium(s) using the Add Notification button. Notification mediums can be created in the Admin->Global Settings section before use. For more details, see Creating and Managing Notification Mediums.
            Note:
            You can add only one Slack notification medium per policy.
          • Users: Select the users from the user list. A notification is sent to these users for approval.
          • Tags: Select the tags from the list.
          • Maximum time to Approve: Enter the time in Hours:Minutes format. The approval request expires if it is not approved in this specified time.
          • Approval Validity: Enter the number of days or hours for access validity after the request is approved.
      2. Click Save and Enable after the configuration is done.
    10. Click Next to continue the profile creation or Save as Draft to save the profile workflow and work on it later.
    11. Enter the Justification to be sent with the approval request. 
    12. Click Submit.
    13. Users can check the request status using the My Requests menu option from the navigation.
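
For the Create Inline Policy step under Britive-managed roles above, a requester or approver may want to review the policy JSON for overly broad grants before it is submitted. The following is an added example, not Britive's code and not a description of what the Validate button checks; `lint_inline_policy` is a hypothetical helper and the sample policies are constructed.

```python
import json

def _as_list(value):
    # IAM accepts a single string or a list for Action and Resource.
    return value if isinstance(value, list) else [value]

def lint_inline_policy(policy_json):
    """Return review findings for an IAM inline policy given as JSON text."""
    try:
        doc = json.loads(policy_json)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(doc, dict):
        return ["policy must be a JSON object"]
    findings = []
    if doc.get("Version") != "2012-10-17":
        findings.append("Version is not 2012-10-17")
    statements = doc.get("Statement")
    if isinstance(statements, dict):  # a single statement object is allowed
        statements = [statements]
    if not isinstance(statements, list) or not statements:
        return findings + ["Statement is missing or empty"]
    for i, st in enumerate(statements):
        if not isinstance(st, dict) or st.get("Effect") not in ("Allow", "Deny"):
            findings.append(f"Statement[{i}]: Effect must be Allow or Deny")
            continue
        if st["Effect"] == "Deny":
            continue  # Deny statements only narrow access
        if "NotAction" in st:
            findings.append(f"Statement[{i}]: Allow with NotAction grants every other action")
        elif "Action" not in st:
            findings.append(f"Statement[{i}]: no Action")
        for action in _as_list(st.get("Action", [])):
            if isinstance(action, str) and (action == "*" or action.endswith(":*")):
                findings.append(f"Statement[{i}]: wildcard action {action}")
        if "*" in _as_list(st.get("Resource", [])) and "Condition" not in st:
            findings.append(f"Statement[{i}]: Resource * with no Condition")
    return findings

# Constructed sample policies (the bucket name is a placeholder).
NARROW = '''{"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
  "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::example-bucket/*"}]}'''
BROAD = '''{"Version": "2012-10-17", "Statement": {"Effect": "Allow",
  "Action": "s3:*", "Resource": "*"}}'''

if __name__ == "__main__":
    for name, text in (("NARROW", NARROW), ("BROAD", BROAD)):
        print(name, lint_inline_policy(text) or "no findings")
```

Findings are review prompts rather than errors: some AWS actions only accept `Resource: "*"`, so an approver decides whether each one is justified by the request.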
