4.2.9 Authentication and Authorization
This topic provides information on authentication and authorization.
First, only authorized users can access the system, using a unique User ID and a password. Second, a user must have access rights to execute a function. The user profile contains the User ID, the password and the functions to which the user has access. Oracle FLEXCUBE operations such as new, copy, query and unlock are enabled based on the function rights available to the user. The function rights are checked for each operation the user performs.
The Administrator can define the maximum number of unsuccessful attempts after which a User ID should be disabled. When a User ID has been disabled, the Administrator should enable it. The password of a user can be made applicable only for a fixed period. This forces the user to change the password at regular intervals, thus reducing security risks. Further, the Administrator can define passwords that could be commonly used by a user as Restrictive Passwords at the user, user role and bank level. A user cannot use any password that is listed as a Restrictive Password at any of these levels.
Provided the user has opted for the SSO Enabled option at bank level, the user can log in to Oracle FLEXCUBE Investor Servicing Solutions from an external LDAP system (Oracle Internet Directory). After the LDAP (Oracle Internet Directory) has successfully authenticated and authorized the user, a request is forwarded to gain access to Oracle FLEXCUBE Investor Servicing Solutions without specifying the Oracle FLEXCUBE user ID and password.
The authentication process of the application is as follows:
- System verifies user availability in Database
- System verifies record status (Open) of user
- System verifies Authorization status (Open) of user
- System verifies user status (Disable, Hold, Locked)
- System verifies Role based access rights and time level permits
- System verifies user profile expiry
- System compares user provided password after hashing against Database password
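The check sequence above, together with the unsuccessful-attempt lockout described earlier, as an added sketch that is not Oracle FLEXCUBE code. The field names, the "Enabled" status value, the PBKDF2 hash, the attempt limit of 3 and the sample user are all assumptions made for illustration.

```python
import hashlib, hmac
from dataclasses import dataclass
from datetime import date, datetime, time

MAX_FAILED = 3  # assumed Administrator-defined limit of unsuccessful attempts

def hash_pw(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256 is an assumption; the page does not name the hash.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

@dataclass
class User:  # hypothetical user profile record
    salt: bytes
    pw_hash: bytes
    record_status: str = "Open"
    auth_status: str = "Open"
    user_status: str = "Enabled"           # or Disable / Hold / Locked
    allowed: tuple = (time(8, 0), time(18, 0))
    roles: frozenset = frozenset({"TELLER"})
    expires: date = date(2099, 1, 1)
    failed: int = 0

def authenticate(db, user_id, password, role, now):
    """Return (ok, audit_reason); the reason is meant for the audit log only."""
    user = db.get(user_id)
    if user is None:
        return False, "unknown user"
    if user.record_status != "Open":
        return False, "record not open"
    if user.auth_status != "Open":
        return False, "authorization status not open"
    if user.user_status in ("Disable", "Hold", "Locked"):
        return False, "user status " + user.user_status
    start, end = user.allowed
    if role not in user.roles or not (start <= now.time() <= end):
        return False, "role or time restriction"
    if now.date() > user.expires:
        return False, "profile expired"
    # Password is checked last, with a constant-time comparison of the hashes.
    if not hmac.compare_digest(hash_pw(password, user.salt), user.pw_hash):
        user.failed += 1
        if user.failed >= MAX_FAILED:
            user.user_status = "Disable"   # stays disabled until re-enabled
        return False, "bad password"
    user.failed = 0
    return True, "ok"

def demo_db():
    salt = b"constructed-salt"             # constructed sample data
    return {"ALICE": User(salt=salt, pw_hash=hash_pw("correct horse", salt))}
```

The second element of the result is intended for audit records; a caller would show the user a single generic failure message regardless of which check failed.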