3.5 Missing Function Level Access Control

This topic explains how the risk of missing function level access control is addressed.

Typically, users working in the same department at the same level of the hierarchy need similar user profiles. In such cases, you can define a Role Profile that includes access rights to the functions common to that group of users. Linking a user to a Role Profile gives the user access rights to all the functions in that Role Profile.

Application level access is implemented through the Security Management System (SMS) module. SMS supports role based access to screens and to the different types of operations.

FLEXCUBE Universal Banking Solutions supports a dual control methodology, wherein every operation performed has to be authorized by another user with the requisite rights. Please refer to the SMS user manual for more details.

Apart from the role based access control of particular functions, functions, account classes, products and branches can be restricted for a user as described below.
  • Disallowed functions: Function ID or UI level restrictions can be applied to a user by including the function IDs in the disallowed list. This restricts the user from accessing the UI; when it is accessed, an error message dialogue box displays "User not authorized to access the screen".
  • Disallowed account class: The user can be restricted from performing any operation using a particular account class. When an account class is disallowed, the user cannot create any accounts using that account class.
  • Disallowed products: The user can be restricted from using the product(s) of any module(s). This is typically required when restricting users department wise; for example, staff of the accounts department need not be given access to view customers' loans.
  • Disallowed branches: The user can be restricted from accessing branches other than his own (reporting) branch. He can be given access to log in from other branches of the bank on approval by the authenticated person, an action which again requires manual authorization.
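The following is an added example, not FLEXCUBE or SMS code, that models the controls described above: a Role Profile grants function IDs, a per-user disallowed list (functions, account classes, products, branches) overrides any role grant, and dual control requires a second user who also holds the function right. All role names, function IDs, users, products and branch codes are constructed placeholders for illustration.

```python
"""Added example (not FLEXCUBE/SMS code): role-profile function access,
per-user disallow lists, and dual-control authorization.
All identifiers below are constructed placeholders, not real FLEXCUBE IDs."""
from dataclasses import dataclass, field
from typing import Optional

# Message the page says the UI shows when a disallowed function is opened.
ERR_NOT_AUTHORIZED = "User not authorized to access the screen"


@dataclass(frozen=True)
class RoleProfile:
    name: str
    functions: frozenset   # function IDs granted to every user linked to the role


@dataclass
class User:
    user_id: str
    home_branch: str
    roles: list
    disallowed_functions: set = field(default_factory=set)
    disallowed_account_classes: set = field(default_factory=set)
    disallowed_products: set = field(default_factory=set)
    extra_branches: set = field(default_factory=set)   # granted only after manual approval


class AccessControl:
    def __init__(self, roles):
        self.roles = {r.name: r for r in roles}

    def granted_functions(self, user):
        return set().union(*(self.roles[r].functions for r in user.roles))

    def can_access_function(self, user, function_id):
        # The disallowed list wins over any role grant. The same (False, message)
        # pair is returned whether the function was never granted or was
        # explicitly disallowed, so a caller cannot tell the two cases apart.
        if (function_id in user.disallowed_functions
                or function_id not in self.granted_functions(user)):
            return False, ERR_NOT_AUTHORIZED
        return True, ""

    @staticmethod
    def can_use_account_class(user, account_class):
        return account_class not in user.disallowed_account_classes

    @staticmethod
    def can_use_product(user, product):
        return product not in user.disallowed_products

    @staticmethod
    def can_login_branch(user, branch):
        return branch == user.home_branch or branch in user.extra_branches


@dataclass
class Operation:
    op_id: str
    function_id: str
    maker: str
    checker: Optional[str] = None   # set only by a successful authorize()


def authorize(ac, users, op, checker_id):
    """Dual control: a different user holding the same function right must approve."""
    if checker_id == op.maker:
        return False, "maker cannot authorize own operation"
    ok, msg = ac.can_access_function(users[checker_id], op.function_id)
    if not ok:
        return False, msg
    op.checker = checker_id
    return True, ""


# Constructed sample data: two role profiles and three users.
ROLES = [
    RoleProfile("ACCOUNTS_CLERK", frozenset({"FN_CUST_ACCOUNT", "FN_CUST_VIEW"})),
    RoleProfile("LOANS_OFFICER", frozenset({"FN_LOAN_ACCOUNT", "FN_CUST_VIEW"})),
]
USERS = {
    # accounts staff: may not touch loan products or the NOSTRO account class
    "alice": User("alice", "BR001", ["ACCOUNTS_CLERK"],
                  disallowed_products={"LOAN"}, disallowed_account_classes={"NOSTRO"}),
    # holds both roles, but the loan screen is on the disallowed list
    "bob": User("bob", "BR001", ["ACCOUNTS_CLERK", "LOANS_OFFICER"],
                disallowed_functions={"FN_LOAN_ACCOUNT"}),
    # home branch BR002, approved to log in from BR001 as well
    "carol": User("carol", "BR002", ["LOANS_OFFICER"], extra_branches={"BR001"}),
}
AC = AccessControl(ROLES)


def run_demo():
    """Exercise each restriction type and the dual-control flow."""
    op = Operation("OP-1", "FN_CUST_ACCOUNT", maker="alice")
    return {
        "bob_loan_screen": AC.can_access_function(USERS["bob"], "FN_LOAN_ACCOUNT"),
        "alice_loan_product": AC.can_use_product(USERS["alice"], "LOAN"),
        "alice_nostro_class": AC.can_use_account_class(USERS["alice"], "NOSTRO"),
        "carol_login_br001": AC.can_login_branch(USERS["carol"], "BR001"),
        "carol_login_br003": AC.can_login_branch(USERS["carol"], "BR003"),
        "self_authorize": authorize(AC, USERS, op, "alice"),
        "carol_authorize": authorize(AC, USERS, op, "carol"),
        "bob_authorize": authorize(AC, USERS, op, "bob"),
        "checker": op.checker,
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The design point worth noting is that the disallowed lists are checked before, and independently of, the role grants, so a user who later acquires a broader Role Profile still cannot reach an explicitly disallowed function; and `authorize()` rejects the maker as checker before it even looks at rights, which is the dual-control property the text describes.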