3 Managing User Administration and Security Configuration

This chapter provides instructions for setting up and configuring the Security Management System (SMS) to support Behavior Detection (BD) applications, user authentication, and authorization.

This chapter focuses on the following topics:

Administrator User Privileges

User administration involves creating and managing users and providing access rights based on their roles. This section discusses the following:

  • Administrator permissions
  • Creating and mapping users and user groups
  • Loading and mapping security attributes

The following lists the access permissions of the Alert Viewer Administrator under BD:
  • User Security Administration
  • Alert Assigner Editor
  • Alert Creator Editor
  • Alert Scoring Editor
  • Common Web Service
  • User Administration
  • Security Management System
  • Security Attribute Administration
  • Manage Common Parameters
  • Unified Metadata Manager

Note:

If KYC/FATCA is deployed with BD, the respective Administrator must be mapped to the KYC/FATCA Administrator group in addition to having other BD-related access.

User Provisioning Process Flow

The following table lists the various actions and associated descriptions of the user administration process flow:

Table 3-1 User Provisioning Process Flow

| Action | Description |
| --- | --- |
| Managing User Administration | Create users and map users to user groups. This allows Administrators to provide access to, monitor, and administer users. |
| Adding Security Attributes | Load security attributes. Security attributes are loaded using either Excel or SQL scripts. |
| Mapping Security Attributes to Organizations and Users | Map security attributes to users. This is done to determine which security attributes control the user’s access rights. |

Requirements to Access BD Applications

A user gains access to BD applications based on the authentication of a unique user ID and password. To access the BD applications, you must fulfill the following conditions:

Table 3-2 Requirements

Application: Alert Viewer
Conditions:
  • Set of privileges that associate a functional role with access to specific system functions.
  • One or more associated organizational affiliations that control the user's access to alerts.
  • Relationship to one or more scenario groups.
  • Access to one or more jurisdictions.
  • Access to one or more business domains.

Application: Watch List Management
Conditions:
  • Set of policies that associate functional roles with access to specific system functions.
  • Access to one or more jurisdictions.
  • Access to one or more business domains.

Application: Administration Tools
Conditions:
  • Set of policies that associate the admin functional role with access to specific system functions.
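
The following is an added example, not part of the product documentation: a provisioning audit that checks user records against the conditions in Table 3-2 and flags user IDs that are not unique. The record layout, field names, and sample values are assumptions made for illustration and do not reflect the SMS schema.

```python
from collections import Counter

# Attribute kinds each application requires, per Table 3-2.
# Field names are hypothetical; they are not SMS table or column names.
REQUIRED = {
    "Alert Viewer": ("functional_roles", "organizations", "scenario_groups",
                     "jurisdictions", "business_domains"),
    "Watch List Management": ("functional_roles", "jurisdictions",
                              "business_domains"),
    "Administration Tools": ("functional_roles",),
}

# Constructed sample records (placeholder IDs and attribute values).
SAMPLE_USERS = [
    {"user_id": "analyst1", "applications": ["Alert Viewer"],
     "functional_roles": ["ROLE_A"], "organizations": ["ORG_A"],
     "scenario_groups": ["SG_A"], "jurisdictions": ["JUR_A"],
     "business_domains": ["DOM_A"]},
    {"user_id": "analyst2", "applications": ["Alert Viewer"],
     "functional_roles": ["ROLE_A"], "organizations": ["ORG_A"],
     "scenario_groups": [], "jurisdictions": ["JUR_A"]},
    {"user_id": "wl_user", "applications": ["Watch List Management"],
     "functional_roles": ["ROLE_B"], "jurisdictions": [" "],
     "business_domains": ["DOM_A"]},
    {"user_id": "analyst1", "applications": ["Administration Tools"],
     "functional_roles": ["ROLE_C"]},
]

def has_mapping(user, kind):
    """True if the user has at least one non-blank value of this kind."""
    return any(str(v).strip() for v in user.get(kind, ()))

def audit(users):
    """Report reused user IDs and, per user and application, unmet conditions."""
    counts = Counter(u["user_id"] for u in users)
    report = {"duplicate_ids": sorted(i for i, n in counts.items() if n > 1),
              "gaps": {}}
    for user in users:
        for app in user["applications"]:
            if app not in REQUIRED:
                missing = ["unknown application"]
            else:
                missing = [k for k in REQUIRED[app] if not has_mapping(user, k)]
            if missing:
                report["gaps"].setdefault(user["user_id"], {})[app] = missing
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_USERS))
```

Running the audit before granting access surfaces accounts that would be created without a jurisdiction, business domain, or scenario group mapping, as well as IDs that appear more than once in the provisioning input.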