Mapping Users To Access Control Metadata
An Administrator can map each user to Access Control Metadata and Security attributes which will control theuser's access permissions. The Security Attribute Administration can be accessed from the Administration menu.
Note:
Before proceeding with providing a user access through this UI, all necessary data should be available in the appropriate database tables and the user needs to be created.Figure 8-1 Components of Security Attribute
In order to update the user profiles before proceeding with mapping any security attributes, select the value User from the Choose User Type drop-down list. When chosen, all the updates made to all the user profiles through User Maintenance UI would be imported from CSSMS_USER_PROFILE table of OFSSAAI configuration schema to KDD_REVIEW_OWNER table of mantas schema.
This action would not affect the security attributes that might be already mapped.
Once the user details are imported, the security attributes should be mapped/remapped.
The drop-down lists have options for both Organizations and Users. To map an organization, select the organization from the drop-down list and select the corresponding Organization in the ChooseUser drop-down list.
The Choose User drop-down list filters its values based on the value selected in the Choose User Type selection drop-down list. It shows only users, if the UserType is User; and it shows only organizations, if the UserType is Organization.
After selecting the desired user in ChooseUser drop-down list, the Administrator can map the following parameters to the selected user:
- Organization: A User or Organization's access to other Organization depends on the selection(s) made for this organization parameter. For Example, if a user is mapped Org1 and Org2, it implies that, user can access alert/case, which belongs to these two organizations, provided other security attributes are also matching.
- Jurisdiction: Mapping of one or more jurisdictions to a user or organization, gives the privilege of accessing cases, alerts, watch lists, and watch list members that belong to the mapped jurisdiction.
- Business Domain: Mapping of one or more business domains to a user or organization gives privilege of accessing cases, alerts, watch lists, and watch list members that belong to the mapped business domains.
- Scenario Group: Mapping of one or more Scenario Groups to a user or organization gives the privilege of accessing alerts that belong to the mapped scenario Group.
- Correlation Rule: Mapping of one or more correlation rules gives the privilege of viewing the correlations generated based on the mapped correlation.
Additional Parameters
Other parameters, such as, Line Organization, Own Case Flag and Own Alert flag can be selected in the corresponding drop-down list mentioned in the screen and can be updated by clicking the Save button.
Note:
The Own Alert and Case flag is required for taking ownership of the alerts and cases. If an alert user needs to perform a Promote To Case action, then the following pre-requisites should be fulfilled.The user should be mapped to any one of the following user groups:
- Case Supervisor
- Case Analyst1
- Case Analyst2
- The user's 'Case Own' flag should be enabled by setting the value to 'Y'. Or
The user should be mapped to the Case Initiator Role.
Note:
You must map the scenario group and case type to all users even if they are not case or alert management users.