Consider a bank “ABC” which has presence across the country and has split their business based on regions. Each region is being managed by a Relationship manager reporting the Chief Executive Officer. The Hierarchy is as indicated below.
Retail Assets Sales Head
· Sales Manager Personal Loans
§ Sales Officer 1
§ Sales Officer 2
· Sales Manager Mortgages
§ Sales Officer 3
§ Sales Officer 4
· Sales Manager Credit Cards
§ Sales Officer 5
§ Sales Officer 6
· Sales Manager Auto Loans
§ Sales Officer 7
§ Sales Officer 8
Products
· Personal Loans
· Mortgages
· Credit Cards
· Auto Loans
Each product is marketed by a separate team and which is headed by a Sales Manager who reports to the Sales Head. Each Sales Manager in turn has two Sales Officers who are responsible for sales and profitability of the product.
The Sales Head has decided that the Sales Officer of each product will not have access to the information of other products. However, each Sales Manager will have access to Sales figures of the other products.
Using the Oracle Infrastructure Security Hierarchy feature Administrator can provide information security at hierarchy level by defining security options for each hierarchy node. Thus, the Bank can control access of information at a node level and not increase the overheads.
This is how it is done in Oracle Infrastructure:
· First, the users are created in Oracle Infrastructure and then, a business hierarchy (as defined above) is created.
· Now, the bank can restrict access of certain information to certain people in the Hierarchy Security configuration.
· In this window, the administrator can control security by mapping the users to various nodes in hierarchy.
For example, the administrator maps Sales Officer 1 and Sales Officer 2 to only the Personal Loans Node in the Product hierarchy. This restricts Sales Officer 1 and 2 to only viewing and maintaining their particular node in the hierarchy.
By default, all the users mapped to a domain can access all the hierarchy levels to which they are mapped. This function allows the administrator to restrict or exclude a user/s from accessing restricted nodes.