Securing Accounts Based On Customer Class
Assume the following security requirement exists:
- You have two broad groups of accounts:
  - Financial services accounts.
  - Other accounts.
- Users can be classified as having one of the following access rights:
  - May access all accounts.
  - May only access financial services accounts.
  - May only access other accounts.
The following diagram illustrates the access groups and data access roles required to implement these requirements:
Notice the following about the above:
- There are 2 access groups because access to accounts is based on whether the account is considered to be residential or commercial/industrial.
- The Big Customers data access role is only linked to the C&I access group.
- The Small Customers data access role is only linked to the Residential access group.
- The All Customers access role is linked to both the C&I and Residential access groups. Users with this role can therefore access all accounts.
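
The role-to-group linkage described above can be modeled as follows. This is an added example, not code from the product: the role and group names come from the page, while the account IDs, user names, data structures and function names are hypothetical. It denies by default and includes an access-review helper that flags users whose combined roles reach every access group.

```python
# Added illustration. Role and access group names are from the page;
# account IDs, users and all function names are hypothetical.

# Each data access role is linked to one or more access groups.
ROLE_TO_GROUPS = {
    "Big Customers": {"C&I"},
    "Small Customers": {"Residential"},
    "All Customers": {"C&I", "Residential"},
}

# Constructed sample data: every account belongs to exactly one access group.
ACCOUNTS = {"ACCT-1001": "C&I", "ACCT-2002": "Residential"}

# Constructed sample users and the data access roles assigned to them.
USER_ROLES = {
    "alice": {"All Customers"},
    "bob": {"Big Customers"},
    "carol": {"Small Customers"},
    "dave": set(),                                 # no data access role
    "erin": {"Big Customers", "Small Customers"},  # two narrow roles
}


def groups_for_user(user):
    """Union of the access groups reachable through all of a user's roles."""
    groups = set()
    for role in USER_ROLES.get(user, set()):
        groups |= ROLE_TO_GROUPS.get(role, set())  # unknown role grants nothing
    return groups


def can_access(user, account_id):
    """Default deny: unknown users, roles or accounts never get access."""
    group = ACCOUNTS.get(account_id)
    if group is None:
        return False
    return group in groups_for_user(user)


def users_with_full_access():
    """Access review: users whose roles together cover every access group."""
    all_groups = set().union(*ROLE_TO_GROUPS.values())
    return sorted(u for u in USER_ROLES if groups_for_user(u) >= all_groups)
```

Because a user's reach is the union of their roles, `erin` ends up with the same access as an All Customers user, which is why the review helper works from effective groups rather than role names.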