User Roles and Privileges

In Oracle Financial Crime and Compliance Management Cloud Service, users have roles through which they gain access to functions and data. Users can have any number of roles.

The following figure shows the User Persona Details:

 User Persona Detail

NOTE:   

User-Group mapping changes from IDCS will take 5 minutes to sync with application. If these changes are made during active user session then it will be reflected on next login.

 

Role-Based Access Control

Role-based security in Oracle Financial Services Crime and Compliance Management Cloud Service controls who can do what on which data.

This table summarizes role-based access.

Component

 Description

Who

Is a role assigned to a user?

What

Is a function that users with the role can perform?

Which Data

Is the set of data that users with the role can access when performing the function?

 

This table provides some examples of role-based access.

Who  

What

Which Data

Data Administrator

Can perform Data Preparation and ingestion

Business Data

Case Analyst

Can view cases and update cases

Business and Operational Data

 

NOTE:   

The new user should have the following roles to access Home page of the Cloud application.

·        Function read role

·        Group read role

·        User read role

·        Role read role

About User Access Mapping

In order to allow users to access functions in the application, Administrators must classify users and the functions they are permitted to access. The Functions imply controlling various actionable units in the application via functional access. For example, create a case, add a customer, add an account, etc.

Users are mapped to groups,which must be mapped to specific security attributes, such as Business Domain and Jurisdiction. Groups are mapped to Roles, and Roles are mapped to Functions. Users can perform activities associated with their user group throughout the functional areas of the application.

Before mapping security attributes, you must complete the following:

1.     Create users

2.     Map users to user groups

3.     Create business domains

4.     Create jurisdictions

5.     Map user groups to security attributes

Security within the Application

Security layers control how users interact with the application. The following table describes the security layers.

Security Layer

Type

Controls

Description

Roles

Access to Features and Functions

User roles identify which features and functions the user can access within the application.

For example, Case Analysts can access and take action on cases.

Business Domains

Access to Case and Business Information

You can restrict access along operational business lines and practices, such as Retail Banking. Users can only see cases that are assigned to at least one of the business domains their user group is mapped to.

Jurisdictions

Access to Case Information

You can restrict access using geographic locations and legal boundaries. Users can only see cases that belong to the jurisdiction their user group is mapped to.

User Group and Roles Mapping in Oracle FCCM Cloud Service

The following table provides the User Group, User Role mapping, and activities. 

Group

User Role

Functionality

Identity Administrator

Identity Administrator

·        View the reports

·        View the object storage

·        View the OAUTH credentials

·        Perform the Identity and access management operations

Identity Authorizer

Identity Authorizer

Authorize the Identity and access management operations

IDCS Administrator

IDCS Administrator

·        Create users

·        Map users to IDNTY_ADMIN group

·        Map users to IDNTY_AUTH group

TM User Groups
TM Group - OFS_TM

Pipeline Administrator Group

Pipeline Administrator

·        Configure pipelines

·        Configure threshold sets

Threshold Administrator Groups

CS Administrator

Load watch list data

Investigation Hub User Groups

IHUB  Administrator Group

IHUB Administrator

·        Configure jurisdictions and business domains

·        Configure case statuses

·        Configure case actions

·        Configure case system parameters

·        Configure Default Graph UI Settings

·        Manage Case Template

IHUB Analyst Group

IHUB Analyst

·        Search for cases

·        Investigate cases

·        Generate Dossier

·         Recommend case closure

IHUB Supervisor Group

IHUB Supervisor

·        Overwrite updates made by Analyst

·        Search for cases

·        Investigate cases

·        Generate Dossier

·        Approve or reject recommendations to close cases

·         Close cases

Scheduler Service User Groups

Job Administrator Group

Job Administrator

Manage jobs

Scheduler Administrator Group

Scheduler Administrator

Manage batches

Process Modelling Framework (PMF) User Groups

IHUB Administrator Group

Manage Workflow Monitor

Access the Manage Workflow Monitor

window

 NOTE: The mapping of this role does not allow view, edit, and add actions.

IHUB Administrator Group

 

Workflow Access

Access the Process Modeller menu from the Navigation Tree

NOTE: The mapping of this role does not allow view, edit, and add actions

IHUB Administrator Group

 

Workflow Monitor Access

Access the Process Monitor window

NOTE: The mapping of this role does not allow view, edit, and add actions.

IHUB Administrator Group

 

Workflow Read

View the PMF workflow

IHUB Administrator Group

 

Workflow Write

Perform view, edit, and add actions in

PMF

 

NOTE:   

Administrators must be mapped to all the roles described in the preceding table to allow them to perform these operations in PMF.

 

User Roles in Investigation Hub

Privileges

Case Supervisor

Case Analyst

Access Cases

x

x

Search for Cases

x

x

View Case List

x

x

View Case Summary

x

x

View Event Details

x

x

Set Event Decision

x

x

Generate Dossier

x

x

View/Expand Graph

x

x

View Graph History

x

x

Edit Graph Settings

x

x

View Alerted transactions

x

x

Add/View Accounts

x

x

Add/View Customers

x

x

Add/View Transactions

x

x

Add/View External Entities

x

x

View Related Case

x

x

View Related Events

x

x

Set Case Assignee

x

x

Recommend Close without Regulatory Report

 

x

Recommend Close with Regulatory Report

 

x

Reject Recommendation

x

 

Close a Case as False Positive

x

 

Close a Case as True Positive

x

 

View Evidence (Attachment and Comment list)

x

x

Add Document

x

x

View Attachments

x

x

Add/Edit Narrative

x

x

View Narrative

x

x

Add Investigation Comments

x

x

Generate CRR Reports

x

 

Save Search Criteria of Case List

x

x

Export Case List in Excel

x

x

Export Transactions in Excel

x

x

User Roles in Investigation Hub Administrator

Privileges

Case Admin

Add Case Status

x

Edit Case Status

x

Add Case Action

x

Edit Case Action

x

Mapping the Action to Status

x

Mapping the Action to User Role

x

Configuring Case System Parameters

x

Add Business Domains

x

Edit Business Domains

x

Add Jurisdictions

x

Edit Jurisdictions

x

Configuring Security Mappings

x

Manage Case Template

x

Create Case Template

x

Update Case Template

x

Delete Case Template

x

Configure Default Graph UI Settings

x