This chapter provides an overview of payment security and discusses how to:
Activate payment security.
Create payment security rules.
Assign payment security rules.
Because payments contain sensitive information, access to them should be restricted so that users can access only the payments that are needed to fulfill their job function. For example, a user whose job is to process payments for Payables should have access to only those payments that are associated with the Payables application. To address this issue, the Financial Gateway system enables an administrator to specify which types of payments users can view or process.
On all payment search pages, the payment security functionality limits the list of prompt values for secured fields to only those that meet the defined security-rule criteria. The prompt values are determined based on the rule definitions that are assigned to a given user or role.
The setup involves an administrator enabling the functionality and creating security rules that define what payments can be accessed. Next, the administrator assigns rules to user IDs or roles so that when users attempt to query payments, only those payments that comply with their assigned rules appear. Payment inquiries, whether online or in a report, filter out payments that are based on the requesting user and the criteria that are specified for them based on their user ID or their role.
This diagram defines the steps and related application pages that are necessary for setting up payment security. The Security Options page, where payment security is enabled and a user ID or role is designated. You then select the Security Rules page, where you establish rules based on the previously selected security options. Once the security rules are established, you move to either the Payment Security User Assignment page, if user ID was selected on the Security Options page, where the security rules are assigned to a user ID, or to the Payment Security Role Assignment page, if role was selected on the Security Options page, where the security rules are assigned by role.
Application page flow for setting up and defining payment security rules by user ID or role.
To define security user assignments, use the Security User Assignment component (PMT_SEC_USER_GBL).
To define payment security rules, use the Payment Security Rules component (PMT_SEC_RULE_GBL).
This section discusses how to enable payment security.
Page Name |
Definition Name |
Navigation |
Usage |
Security Options |
PMT_SEC_OPTIONS |
Financial Gateway, Security, Security Options |
Activate payment security based on user or role and enable payment fields. |
Access the Security Options page (Financial Gateway, Security, Security, Security Options).
Enable Payment Security |
The options are:
|
Apply Rules Based On |
If payment security is enabled, determine whether the security rules are enforced based on the user identity or role. This is a system-wide option and is not based on business unit or setID. In addition, it is not possible to base security on a combination of role and user; you must base it on role or identity. |
Secured Fields |
Lists the fields on which you want to base your system's payment security. For example, by enabling the BANK_ACCT_KEY field, you can then define a user's access to payment information based on specific bank accounts (on the Security Rules page), limiting them to payment information for only those accounts. Fields not enabled on this page will not be available for selection in the Field Name field of the Security Rules page. The options are:
|
The section discusses how to define security rules.
Page Name |
Definition Name |
Navigation |
Usage |
Security Rules |
PMT_SEC_RULE |
Financial Gateway, Security, Security Rule, Security Rules |
Define payment security rules that can be assigned to users or roles. |
Access the Security Rules page (Financial Gateway, Security, Security Rule, Security Rules).
Use the Sequence, Field Name, Operation, Value, Operator, and Open and Close fields to create rules that specifically define which payments are accessible to the roles or users to which the rules are assigned.
Use the open and close columns fields for parentheses around SQL statements.
Test Rule |
Click to run a test on the validity of the rule's logic. |
This section discusses how to assign security rules.
Page Name |
Definition Name |
Navigation |
Usage |
Security Role Assignment |
PMT_SEC_ROLE |
Financial Gateway, Security, Security Role Assignment |
Assign payment security rules to a role. |
Security User Assignment |
PMT_SEC_USER |
Financial Gateway, Security, Security User Assignment |
Assign payment security rules to a user. |
Access the Payment Security User Assignment page (Financial Gateway, Security, Security User Assignment), or the Security Role Assignment page (Financial Gateway, Security, Security, Role Assignment).
Use this page to assign rules that define the payments to which the user will have access.