This topic describes the process of authorization and its types in Oracle FLEXCUBE Investor Servicing.
Normal Process of Authorization in System
Most of the information that you enter in to the system needs to be authorized to be effective. Except for the static information that you typically enter in to the system only once, all other information must be authorized. Authorization is required for all maintenance as well as transactional information in the system.
When you enter information related to any of these events into the system, the record that is initially saved when you complete the data entry is retained in the system as unauthorized information, which must be subsequently authorized to become effective.
Usually, authorizing information in the system is an activity that follows a maker-checker concept, i.e., the user that enters the information must be necessarily different from the user that authorizes the information. Therefore, whereas one user group will have access to functions that involve entering information into the system, a different user group has access to the functions that involve information authorization, and there is no overlap of access privileges.
Auto-authorization Features in System
In some environments, the user that enters the information needs to be able to authorize it simultaneously. In such cases, the maker-checker concept leads to unnecessary delegation of activity, which is undesirable. This means that in such an environment, the user that enters the information must, on saving the entered record, be able to authorize the record. For such environments, the auto-authorization function is provided by the FCIS system. When this function is used, the Save operation in any screen that involves data entry (apart from static information screens) will also invoke and perform the authorization for the records that have been entered.
It is possible to be selective about the business functions for which you need to use the auto-authorization feature. This means that you can enable the auto-authorization feature for the functions for which you require simultaneous authorization on saving the record, and you can keep it disabled for others, allowing them to go through the normal maker-checker process of authorization.
The following features comprise the auto-authorization facility in the system:
- The User Administrator can map the business users to the menu items, and make
auto-authorization feature allowable for any business user–menu item
mapping. All business checks, validations and processes that must be
performed when the authorization happens will be triggered immediately
following the use of the save operation, when the auto-authorization feature
is allowed.
- The User Administrator can enable (or disable) auto-authorization rights at a user
group level. Any user roles and / or users associated with the user group
would inherit the auto-authorization privileges assigned to the user group.
If a user ID is associated with multiple user roles, the most restrictive
privilege assigned to the roles will be applicable.
- You can enable (or disable) the auto authorization feature for data operations in the New mode or the Amend mode, including data entry either for reference information, investor accounts or transactions. For transaction entry operations in either mode, you can enable (or disable) auto authorization for transactions involving any of the following circumstances:
- Transactions for which the transaction currency is the limit currency, and the transaction amount falls within the limit amount for that currency
- Back dated transactions
- Transactions in respect of which applicable loads have been overridden
- Transactions for which third party payment or delivery has been specified
Use Auto Auth screen to allow the auto-authorization feature for a user group and a certain set of menu items.
You must map the user groups to the menu items or the task for which
auto-authorization is applicable.
- On Home screen, type SMDAUTAU in the text box, and click Next.
The
Auto Auth screen is displayed.
- Use this screen to map user groups to the tasks for which auto-authorization is
applicable. If the User Administrator or the Module Administrator users do not
maintain the setup for each of the user groups in this screen, the
auto-authorization is not enabled for that user group.
Enable or Disable Auto-authorization for User Group
- Process the Auto Auth screen.
The auto authorization features that have been enabled for
the module and the group to which the logged in user belongs, are
displayed.
- Click Unlock icon to amend the displayed list.
The screen is displayed in Amend
mode, where you can make your changes. The changes you make will apply to all
users and roles in the Group ID to which the logged in
user belongs, for the logged in Module.
- Make changes as follows to enable auto-authorization:
- Select YES in the New
field for the task item to enable auto-authorization in the
New mode for a task item.
- Select YES in the Modify
field for the task item to enable auto-authorization in the Amend mode
for a task.
- Specify the highest volume of the transaction that can be auto-authorized, in the Limit Amount field to set up the volume limit for transaction data entry task items.
- You must also indicate the currency in which the volume you have specified is reckoned, in the Limit Currency field. You can indicate a different limit for each role or Group ID, if necessary.
- Enable (or disable) the auto-authorization feature for transaction data entry in the following circumstances:
- Back dated transactions: Select YES in
the Restrict Back Dated Transaction field to
disable auto-authorization of backdated
transactions in the selected mode. Select
NO to enable auto-authorization of backdated
transactions in the selected mode.
- Transactions in respect of which applicable loads have been overridden:
Select YES in the Restrict Load
Override Transactions field to disable auto
authorization of load override transactions in
the selected mode. Select NO to enable auto
authorization of load override transactions in the selected mode.
- Transactions for which third party payment has been specified: Select
YES in the Restrict Third Party
Payment Transactions field to disable auto authorization
of third party payment transactions in the
selected mode. Select NO to enable auto
authorization of third party payment transactions in the selected
mode
- Transactions for which third party delivery has been specified: Select
YES in the Restrict Third Party
Delivery Transactions field to disable auto
authorization of third party delivery
transactions in the selected mode. Select
NO to enable auto authorization of third
party delivery transactions in the selected mode.
- Click Save to save your changes when you have finished making the auto-authorization specification for a user group.
The auto-authorization feature is enabled, and when the user invokes the Save operation in any of the applicable task screens, the entered records are saved as authorized records.
- Click Save icon in the Auto Auth screen to enable auto authorization for a user group other than the logged in user group.
The system displays the message as Do you want to cancel the operation?.
- Click OK. The auto authorization record of the logged in user group, which was on display, is closed.
The Auto Auth screen is opened in New mode.
- Select the user group for which you want to enable or disable the auto authorization rights, in the Group ID field.
- Select the corresponding module in the Module ID field, and click OK. Subsequently, proceed to set up the auto-authorization rights in the same manner as described above, for the amend operation.
Operations on Auto Authorization Records
- After you have set up auto authorization for a user group, you must have another user authorize it so that it would be effective in the system.
- Edit the details as many times as necessary before the setup is authorized. You can also delete it before it is authorized.
After authorization, you can only make changes to any of the details through an amendment
- The Auto Auth screen can be used for the following operations on auto authorization setups:
- Retrieval for viewing
- Editing unauthorized setups
- Deleting unauthorized setups
- Authorizing setups
- Amending authorized setups.
- Click on the appropriate buttons in the horizontal array of buttons in the Auto Auth screen to perform basic operations.
