Managing Britive Profiles
Application administrators can configure a Britive profile to associate the permissions of an onboarded application, and set up policies so that certain members can access the profile with or without approval.
Creating a Britive Profile
- After the profile is created, enter the details in the following tabs to complete a profile:
The Associations tab displays the scope of the permissions applied in a particular application. An administrator can select the environment(s)/resource(s) to be associated with this profile. The contents of this tab vary by application.
The Permissions tab displays the list of permissions granted for the profile. The applicable permissions are displayed for selection and are specific to each application.
To add permissions:
- Click the ADD PERMISSIONS button.
- On the Add Permissions page, select the required permission and click the + icon to add it.
- The list of permissions depends on the onboarded application. For example, for AWS the user can add only one role per profile, and for OCI the user can add only groups.
The Policies tab displays the list of policies created for a profile. An application administrator can create a policy to select which users can use the profile and whether approval is required before the profile is checked out.
- Click on the Add Policy button to add a new policy and enter the following:
- Enter the Policy Name.
- Enter the Description (optional).
- Users: Add selected users for this policy by clicking on Add Users.
- Tags: Add selected tags for this policy by clicking on Add Tags.
- Service identities: Add selected service identities for this policy by clicking Add Service Identities.
- Generic Conditions:
- Approvals: Select whether the user needs approval to access a profile. Enter the following details if you select Approval Required as Yes:
- Click Save and Enable after all the configuration is done.
Users can Edit/Clone/Enable/Disable/Delete a policy by clicking Manage for a particular policy.
The Session Attributes tab displays the session attributes added to the profile.
There are two types of attributes:
- Identity: The selected value for the attribute is collected from the user's profile when they check out the AWS profile from the My Access tab.
- Static: The user has to specify a value that remains the same for all users in the Attribute Value field.
To add a session attribute:
- Click on the ADD SESSION ATTRIBUTE button.
- Enter the following on the Session Attribute page:
- Select the Attribute Type, either Identity or Static.
- Select the Attribute.
- Enter the name of the attribute as defined in the role configured in AWS in the Mapping Name field.
- Select Transitive to pass the session attributes when assuming other roles, where those roles have the same attributes defined.
- Click ADD SESSION ATTRIBUTE.
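Because the Mapping Name must match the attribute name defined on the AWS role, the role's trust policy can be checked against the planned Mapping Names before the profile is enabled. The following is an added example, not Britive or AWS code; it assumes session attributes reach AWS as STS session tags, and the sample policy, account ID, provider name and function names are constructed for illustration.

```python
import json

# Constructed sample: trust policy of the AWS role selected on the Permissions tab.
# The account ID and SAML provider name are placeholders.
TRUST_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"Federated": "arn:aws:iam::111122223333:saml-provider/EXAMPLE-IDP"},
    "Action": ["sts:AssumeRoleWithSAML", "sts:TagSession"],
    "Condition": {"ForAllValues:StringEquals": {"aws:TagKeys": ["Department", "CostCenter"]}}
  }]
}
""")

def _as_list(value):
    # IAM policy fields may be a single value or a list of values.
    return value if isinstance(value, list) else [value]

def allowed_tag_keys(statement):
    """Tag keys permitted by aws:TagKeys, or None if the statement does not restrict them.
    Only ForAllValues:StringEquals is evaluated (a simplification of IAM condition logic)."""
    cond = statement.get("Condition", {}).get("ForAllValues:StringEquals", {})
    for key, values in cond.items():
        if key.lower() == "aws:tagkeys":  # condition key names are case-insensitive
            return set(_as_list(values))
    return None

def check_mapping_names(policy, mapping_names):
    """Return findings for Mapping Names the role's trust policy would not accept."""
    stmts = [s for s in _as_list(policy["Statement"])
             if s.get("Effect") == "Allow"
             and any(a.lower() in ("sts:tagsession", "sts:*", "*")
                     for a in _as_list(s.get("Action", [])))]
    if not stmts:
        return ["trust policy has no Allow statement for sts:TagSession"]
    findings = []
    for name in mapping_names:
        # Exact-match comparison: the name must be entered as defined on the role.
        accepted = any(keys is None or name in keys
                       for keys in map(allowed_tag_keys, stmts))
        if not accepted:
            findings.append(f"'{name}' is not listed in aws:TagKeys")
    return findings

if __name__ == "__main__":
    for finding in check_mapping_names(TRUST_POLICY, ["Department", "Project"]):
        print(finding)
```

An empty result means every Mapping Name is accepted by at least one statement that allows sts:TagSession; Deny statements and other condition operators are not evaluated.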