1 Security Management

This topic explains how to define and maintain the security of the banking system in terms of user access and roles.

Controlled access to the system is a basic parameter that determines the robustness of the security in banking software. In Oracle FLEXCUBE Universal Banking, we have employed a multi-pronged approach to ensure that these parameters are in place.

Table 1-1 Security Management Parameters

Security Management Parameters | Description
Only Authorized Users Access the System | First, only authorized users can access the system with the help of a unique User ID and a password. Secondly, a user should have access rights to execute a function.
User Profiles | The user profile of a user contains the User ID, Password, and Functions to which the user has access.
Restricted Number of Unsuccessful Attempts | Define the maximum number of unsuccessful attempts after which a User ID should be disabled. When a User ID has been disabled, the administrator should enable it. The password of a user can be made applicable only for a fixed period. This forces the user to change the password at regular intervals, thus reducing security risks. Further, define passwords that could be commonly used by a user as Restrictive Passwords at the user, user role, and bank level. A user cannot use any password that is listed as a Restrictive Password at any of these levels.
Restricted Access to Branches | Indicate the branches from where a user can operate in the Restricted Access screen.
All Activities Tracked | An extensive log is kept of all the activities on the system. The user can generate reports on the usage of the system anytime. These reports give details of unsuccessful attempts at accessing the system along with the nature of these attempts. It could be an invalid password attempt, the last login time of a user, etc.
Audit Trail | Whenever a record is saved in the module, the ID of the user who saved the record is displayed in the Input By field at the bottom of the screen. The date and time at which the record is saved are displayed in the Date/Time field. A record that is entered should be authorized by a user, bearing a different login ID, before the EOD is run. Once the record is authorized, the ID of the user who authorized the record will be displayed in the Authorized By field. The date and time at which the record was authorized are displayed in the Date/Time field positioned next to the Authorized By field. The number of modifications that have happened to the record is stored in the field Modification Number. The status of the record, whether it is Open or Closed, is also recorded in the Open check box.
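
The Audit Trail rule above (a record must be authorized by a different login ID before the EOD is run) can be checked over exported audit data. The following is an added example, not Oracle code: the record layout, field names and sample rows are constructed, and treating User IDs as case-insensitive is an assumption.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

@dataclass
class AuditRecord:
    # Hypothetical export of the Input By / Authorized By / Date/Time fields.
    record_id: str
    input_by: str
    input_at: datetime
    authorized_by: Optional[str]
    authorized_at: Optional[datetime]

def audit_findings(records, eod_at):
    """Return (record_id, finding) pairs for records that break the rule."""
    findings = []
    for r in records:
        if r.authorized_by is None:
            # Entered before EOD but never authorized.
            if r.input_at <= eod_at:
                findings.append((r.record_id, "unauthorized at EOD"))
            continue
        # Assumption: User IDs compare case-insensitively.
        if r.authorized_by.casefold() == r.input_by.casefold():
            findings.append((r.record_id, "maker and checker are the same user"))
        if r.authorized_at is None or r.authorized_at < r.input_at:
            findings.append((r.record_id, "authorization time missing or before input time"))
        elif r.authorized_at > eod_at:
            findings.append((r.record_id, "authorized after EOD"))
    return findings

# Constructed sample data for one business day.
EOD = datetime(2024, 1, 15, 18, 0)
SAMPLE = [
    AuditRecord("R1", "ALICE", datetime(2024, 1, 15, 9, 0), "BOB", datetime(2024, 1, 15, 9, 30)),
    AuditRecord("R2", "ALICE", datetime(2024, 1, 15, 10, 0), "alice", datetime(2024, 1, 15, 10, 5)),
    AuditRecord("R3", "CAROL", datetime(2024, 1, 15, 11, 0), None, None),
    AuditRecord("R4", "BOB", datetime(2024, 1, 15, 17, 0), "CAROL", datetime(2024, 1, 15, 19, 0)),
]

if __name__ == "__main__":
    for record_id, finding in audit_findings(SAMPLE, EOD):
        print(record_id, finding)
```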

Bank Restriction

Refer to the Bank Restriction topic for detailed information.

User Details Modification in Bulk

Refer to the User Details Modification in Bulk topic for detailed information.

Common Branch Restrictions

Refer to the Common Branch Restrictions topic for detailed information.

Defining Password Restriction

Refer to the Defining Password Restriction topic for detailed information.

Customer Access Group Maintenance

Refer to the Customer Access Group Maintenance topic for detailed information.

Personally Identifiable Information

Personally Identifiable Information (PII) is information that can be used on its own to identify a person. Any information that is used to distinguish one person from another can be personally identifiable information. It can be any information like Name, Contact Details, Demography Information, Financial Information, SSN, Passport Number, etc. Oracle FLEXCUBE Universal Banking allows masking, forgetting or restricting access to Personally Identifiable Information of a user. It is possible to mask or forget the PII based on the maintenance in Masking Maintenance and Forget Customer PII Maintenance screens.

The following flow chart explains the data flow of Personally Identifiable Information (PII):

Figure 1-1 Personally Identifiable Information (PII)

Personally Identifiable Information captured in the system is categorized as follows:

Table 1-2 Personally Identifiable Information (PII)

User | Personal Information Category | Personal Information Data
Customer | Name | User Name

Mask Maintenance

Refer to the Mask Maintenance topic for detailed information.

Forget Customer

Oracle FLEXCUBE Universal Banking allows the data to be sanitized by forgetting the customer’s Personally Identifiable Information (PII) once their accounts are closed. This is useful when data cannot be deleted due to referential integrity. The user can query the details of a customer through the following screens:
  • STDCIFCR (External Customer Input)
  • STDCRACC (External Customer Account Input)

However, while viewing the details of a customer whose data is forgotten, the system displays a message that says the details of the forgotten customer can’t be viewed.
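
The reason for forgetting rather than deleting can be reproduced with a foreign key. The following is an added example, not Oracle code: the schema, column names, placeholder value, message text and sample rows are all hypothetical and constructed for illustration.

```python
import sqlite3

# Constructed wording; the page only says a message is shown for forgotten customers.
FORGOTTEN_MSG = "details of the forgotten customer cannot be viewed"

def build_db():
    """In-memory database with a hypothetical schema and constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")  # SQLite enforces foreign keys only when enabled
    db.executescript("""
        CREATE TABLE customer (cust_no TEXT PRIMARY KEY, name TEXT,
                               passport_no TEXT, forgotten INTEGER NOT NULL DEFAULT 0);
        CREATE TABLE account (acc_no TEXT PRIMARY KEY, status TEXT NOT NULL,
                              cust_no TEXT NOT NULL REFERENCES customer(cust_no));
        INSERT INTO customer VALUES ('C001', 'Jane Sample', 'P0000001', 0);
        INSERT INTO customer VALUES ('C002', 'John Sample', 'P0000002', 0);
        INSERT INTO account VALUES ('A100', 'CLOSED', 'C001');
        INSERT INTO account VALUES ('A200', 'OPEN', 'C002');
    """)
    return db

def try_delete(db, cust_no):
    """Return False when referential integrity blocks the delete."""
    try:
        with db:  # rolls back on error
            db.execute("DELETE FROM customer WHERE cust_no = ?", (cust_no,))
        return True
    except sqlite3.IntegrityError:
        return False

def forget_customer(db, cust_no):
    """Overwrite PII in place once every account of the customer is closed."""
    still_open = db.execute(
        "SELECT COUNT(*) FROM account WHERE cust_no = ? AND status <> 'CLOSED'",
        (cust_no,)).fetchone()[0]
    if still_open:
        raise ValueError("customer still has open accounts")
    with db:
        db.execute("UPDATE customer SET name = 'FORGOTTEN', passport_no = NULL, "
                   "forgotten = 1 WHERE cust_no = ?", (cust_no,))

def view_customer(db, cust_no):
    """Return the customer's details, or the message if the customer is forgotten."""
    name, passport_no, forgotten = db.execute(
        "SELECT name, passport_no, forgotten FROM customer WHERE cust_no = ?",
        (cust_no,)).fetchone()
    return FORGOTTEN_MSG if forgotten else {"name": name, "passport_no": passport_no}
```

The account row still references the customer after the PII is overwritten, so history that depends on it stays consistent while the identifying fields are gone.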

Log Access

Refer to the Log Access topic for detailed information.

Department Details

Refer to the Department Details topic for detailed information.

Process Codes

Refer to the Process Codes topic for detailed information.

Single Sign On (SSO) Enabled Environment

Refer to the Single Sign On (SSO) Enabled Environment topic for detailed information.

Defining Entity Maintenance

Refer to the Defining Entity Maintenance topic for detailed information on entity maintenance.