C.2 Managing User Groups

The following sections describe how to manage User Groups:

• Defining User Group Maintenance Details
• Adding New User Group Details
• Mapping Users to User Groups
• Mapping User Group(s) to Domain(s)
• Mapping a User to a Single User Group

Defining User Group Maintenance Details

For more information on defining user group maintenance details, see the Identity Management section of Oracle Financial Services Analytical Applications Infrastructure User Guide.

Adding New User Group Details

For more information on adding new user group details, see the Identity Management section of Oracle Financial Services Analytical Applications Infrastructure User Guide.

Mapping Users to User Groups

One user can also be used against multiple roles. If multiple roles are allocated to a single user, then the availability of actions depends on the Four Eyes approval option. If Four Eyes approval is off, then the user can take all actions available by the allocated roles, with no duplicates. If Four Eyes approval is on, then action linked to a role that does not require Four Eyes approval takes precedence if there is a conflict. For more information on mapping users to user group, see the Identity Management section of Oracle Financial Services Analytical Applications Infrastructure User Guide.

Mapping User Group(s) to Domain(s)

To map user group or groups to domain or domains, see the Identity Management section of Oracle Financial Services Analytical Applications Infrastructure User Guide.

Actions to Role mappings are done through Database tables. Sample action to role mappings are included in the application. For more information on changing the mapping of roles to actions, see the Working with Alert Action Settings section of the Configuration Guide.

Actions are primarily associated with a User Role, not an individual user. However, the ability to Reassign To All when taking a Reassign action is associated at the individual user level. Reassign To All means that a user is allowed to assign to users and organizations that may not be within their normal viewing privileges.

Mapping a User to a Single User Group

If a user has only one role then that user can be mapped to a single User Group associated with that User Role. For more information on mapping a user to a single user group, see the Identity Management section of Oracle Financial Services Analytical Applications Infrastructure User Guide

Mapping a User to Multiple User Groups

If a user has more than one role within FCCM (that is, within both TBAML and Enterprise Case Management), then the user must be mapped to the different User Groups associated with the corresponding role. When the user logs into FCCM, the user access permissions are the union of access and permissions across all roles.

Mapping a User to an Organization

If a user is mapped to an organization indicating that it is the line organization for the user and if there exists any child organization for that line organization, then those organizations are implicitly mapped to the user as a business organization. If the same organization is already mapped as the business organization, then the child of the organizations should not be mapped to the user implicitly by the system.

If an organization is implicitly mapped to the user based on line organization association, the user can still be unmapped from that organization if there is a need to limit them from seeing the organization. The organization still shows (I) in the Organization list to show that the organization is a child of the line organization. But the fact that it is not selected will prevent the user from being mapped to it.

The following rules apply:

• Users can have only one organization as the line organization.
• A child organization can have only one parent organization

To map organizations, follow these steps:

1. Select a user from the Select User drop-down list.
2. Select the line organization or organizations you want to map the user to from the Line Organization drop-down list.

   Note:

   then the business organizations associated to the Line Organization must be implicitly mapped and display the organizations as well.

   The system visually distinguishes the Implicit (I), which is the system determination based on line organization and Explicit (E), which was manually added by the user mapping, of business organizations. The system displays either I or E in the brackets to indicate that the grid displays two different column, one for Implicit and the other one for Explicit mapping.

3. Click Save.

Mapping a Function to a Role

The following list of functions must be mapped to appropriate TBAML User Roles through Function- Role Map function, which is available in the Security Management System, by logging in as the System Administrator in the OFSAAI toolkit.

Table C-1 Function to Role Mapping Details

Function	Description
AMACCESS	All behavior detection user roles should be mapped to the function AMACCESS in order to access an FCC TBAML event. Users of roles that are not mapped to this function cannot access the details of the Alerts.
CMACCESS	All Case Management user roles should be mapped to the function CMACCESS in order to access a Case. Users of roles that are not mapped to this function cannot access the details of the Case.
RSGNTALL	This function should be mapped to Case Analyst1, Case Analyst2 and Case Supervisor Roles to assign ownership of a case without applying restriction on the Organization associated with the Case. If the ownership assignment is required to be restricted based on Organization associated with the Case for any of these user roles, then the RSGNTALL function need not be mapped to the above roles.