9 Creating Custom User Groups Using IAM Console

This feature allows users to create a custom user group in the Identity and Access Management (IAM) console and map it to a user. After the user logs in to the application, the user groups are synchronized in the AFCS application. Users can also map the relevant roles to custom user groups in the application.

Note:

User role creation is not supported in the application.

Note:

User Groups must only be created in the IAM console to be synchronized in the AFCS application.

Note:

DIS roles cannot be mapped directly to any custom group. If a DIS functionality is required, then the corresponding DIS group (for example: AFCS-BIConsumer, AFCS-BIContentAuthor, AFCS-BIAdministrator, AFCS-DVConsumer, AFCS-DVContentAuthor, AFCSPIVWGRP, AFCSFINHEAD, AFCSFINANALYST and AFCSFINACCOUNTANT) must be mapped to the user, in addition to any relevant custom groups.

User groups must be created based on the roles mentioned in the table below:

Table 9-1 Users Roles and Description

| Role Code | User Role Name | Description |
|---|---|---|
| GRP_READ, USR_READ, FUNC_READ, ROLE_READ, ACCINTVW, CATLGVW | Group Read Role, User Read Role, Function Read Role, Role Read Role, Accounting Integration View and Data Catalogue View | Mandatory roles needed to login to AFCS and view the home page. |
| ACCINTANLST | Accounting Integration Business Tasks | Additional role needed to Create, Delete, Edit and publish SLAs. |
| CATLGANLST | Data Catalogue Business Tasks | Additional role needed to Log an issue to Data Catalog. |
| DIVIEW | Data Integration View | Additional role needed to view Data Ingestion and Data Extraction link in LHS. |
| DIANLST | Data Integration Business Tasks | Additional role needed to Create, Save and Delete DI objects (Data Extraction and Data Ingestion). |
| RECONVIEW | Reconciliation View | Additional role needed to view Balance Reconciliation. |
| RECONANLST | Reconciliation Business Tasks | Additional role needed to View and Edit Balance Reconciliation. |

Note:

For more information on User Roles and their description, see User Roles and Descriptions.
To create a custom user group, follow these steps:
  1. Log in to the IAM console.
  2. Navigate to the domain and select User Management in the User Interface.
  3. Under the Groups section, click the Create group button. The Create group details page is displayed.
  4. Enter the Group name and Description.

    Note:

    The Group Name can contain only the underscore "_" as a special character; other special characters are not supported by AFCS.
  5. Enable the Users can request access toggle to allow users to request access to the group.
  6. Under the Users section, search for the user you wish to assign this group to, select the user and click Create. The group is now created and assigned to the corresponding user.
  7. From the Group section, search for AFCS Administrator Group, Identity Administrator Group and Identity Authorizer Group and click the Assign user to Group button.

    Note:

    It is mandatory to assign users to the AFCS Administrator Group and the Identity Administrator Group or Identity Authorizer Group to access the Admin Console User Interface in the AFCS application.
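
A pre-provisioning check for the rules on this page, added here as an example and not part of the product or its documentation: it validates a planned set of custom groups against the group-name rule, the role codes in Table 9-1 and the DIS group note, and reports which mandatory login roles a user would still be missing. The function names, the sample plan and the reading of the name rule as "letters, digits and underscore" are assumptions.

```python
import re

# Role codes from Table 9-1; the first six are the mandatory login roles.
MANDATORY = {"GRP_READ", "USR_READ", "FUNC_READ", "ROLE_READ", "ACCINTVW", "CATLGVW"}
OPTIONAL = {"ACCINTANLST", "CATLGANLST", "DIVIEW", "DIANLST", "RECONVIEW", "RECONANLST"}
# DIS groups named in the note: assigned to users directly, never mapped as roles.
DIS_GROUPS = {"AFCS-BIConsumer", "AFCS-BIContentAuthor", "AFCS-BIAdministrator",
              "AFCS-DVConsumer", "AFCS-DVContentAuthor", "AFCSPIVWGRP",
              "AFCSFINHEAD", "AFCSFINANALYST", "AFCSFINACCOUNTANT"}
# Assumption: "only underscore as a special character" means letters, digits, "_".
NAME_RE = re.compile(r"[A-Za-z0-9_]+")


def check_group(name, role_codes):
    """Return a list of findings for one planned custom group."""
    findings = []
    if not NAME_RE.fullmatch(name):
        findings.append(f"{name}: name has a special character other than '_'")
    for code in sorted(set(role_codes)):
        if code in DIS_GROUPS:
            findings.append(f"{name}: {code} is a DIS group; assign it to the user instead")
        elif code not in MANDATORY | OPTIONAL:
            findings.append(f"{name}: {code} is not a role code in Table 9-1")
    return findings


def review_user(user_groups, plan):
    """Return (effective roles, missing mandatory roles, DIS groups held)."""
    effective = set()
    for group in user_groups:
        effective |= set(plan.get(group, ())) & (MANDATORY | OPTIONAL)
    dis_held = sorted(set(user_groups) & DIS_GROUPS)
    return effective, sorted(MANDATORY - effective), dis_held


# Constructed sample plan: custom group name -> role codes to map to it in AFCS.
PLAN = {
    "AFCS_BASE_LOGIN": sorted(MANDATORY),
    "AFCS_RECON_TEAM": ["RECONVIEW", "RECONANLST"],
    "AFCS-DI-TEAM": ["DIVIEW", "DIANLST", "AFCS-DVConsumer", "RECONADMIN"],
}

if __name__ == "__main__":
    for group, roles in PLAN.items():
        for finding in check_group(group, roles):
            print("FINDING", finding)
    _, missing, _ = review_user(["AFCS_RECON_TEAM"], PLAN)
    print("recon-only user cannot log in, missing:", missing)
```

Running the review before creating groups in the IAM console catches a user who holds only a task-specific group and therefore lacks the mandatory roles needed to log in.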