User Roles and Permissions Creation

OBJECTIVE

In this section of the manual, you will learn:

  1. How to create a user role

  2. How to add permissions to the user role

  3. How to map/give permissions to the user

Step 1: How to create User Role

  1. Log in to the instance with the user Id and password. Click on the drop-down beside ‘User Access Management’ under ‘Admin Home’ and you will see different options under that as shown. Then click on the ‘User Roles’ option.

2. Once you click on ‘User Roles’ option, you will see the below screen. Click on ‘New User Role’ button to create a new user role.

3. Once you click on ‘New User Role’ button, you will get the below screen. Fill all the mandatory details as required and click on ‘Save’. The mandatory fields are:

  • Name: Name of the role. The same name will appear when assigning roles to a user.

  • Description: Write the description of the role.

  • Operation Start Time: The Operation Start Time and Operation End Time control the time period during which the role is active. If the user tries to perform actions which need these permissions, the user cannot perform them before this time.

  • Operation End Time: The Operation Start Time and Operation End Time control the time period during which the role is active. If the user tries to perform actions which need these permissions, the user cannot perform them after this time.

4. Once you click on the ‘Save’ button, you will see a pop-up which confirms that the role has been created successfully. You can view the user role by selecting and clicking on it.

Step 2: Adding Permission to the User Role

  1. Once you select the user role (for example: Special user), you will see the below screen which contains basic information. You will also get options to ‘Enable’, ‘Edit’ and ‘Delete’ the user role. Click on ‘Edit’ button present at the top-right corner of the page.

2. Once you click on ‘Edit’ button, you will see the below screen showing various categories and permission types. A search box is also provided under ‘Assigned Categories’ and ‘Permissions’ to search for any particular category and permission.

For example: I have created a user role named Special user who can access all special permissions.

To Add/Assign permissions to the ‘Special user’ role, you need to follow these steps:

  1. Enter the type of category in the search box under ‘Assigned Categories’ (search for ‘Special’ because I want to assign special permissions to the user role).

2. Click on ‘Special’ which popped-up once you hit the search icon under ‘Assigned Categories’. Once you click on ‘Special’, you will see various permission types under ‘Permissions’. Then click on the check box present along the permission type to select that particular permission.

Special Permissions

  • The Finflux platform has a set of special permissions to ease the process of creating some special-purpose permission groups.

  • The user should properly understand how these permissions behave before assigning them to any role (Permission Group).

  • All the permissions except special permissions allow only one action to be performed through one permission.

  • System has four special permissions:

  1. ALL FUNCTIONS: The “All Functions” permission gives the user (who has inherited this permission through a role) access to view all the data and screens in the application, as well as to perform all the actions in the system.

    Who needs this permission?

    Ideally, this permission is used only during the initial setup of the system and is assigned to the Finflux users who are doing the configuration and setup of the system. It is not recommended to use this permission post go-live (post-production).

  2. ALL FUNCTIONS READ: The “All Functions Read” permission gives the user (who has inherited this permission through a role) access to view all the data and screens in the application.

    Who needs this permission?

    This permission is useful to users like auditors, internal support team, and financial institution’s IT team.

  3. BYPASS EOD PROCESS: In a financial institution, the term "bypass EOD process" typically refers to circumventing or skipping the End-of-Day (EOD) process. The EOD process is a series of tasks and procedures performed by financial institutions at the close of each business day to ensure accurate and up-to-date financial records. These tasks can include reconciling accounts, updating balances, generating reports, and performing system backups, among other things.

    Who needs this permission?

    This permission is typically granted to individuals or roles that have a high level of authority or responsibility like CTO, CFO, CRO, Head of Operations. These are usually senior personnel who can make critical decisions and override normal operational procedures under specific circumstances.

  4. CHECKER SUPER USER: As the name suggests, the “Checker Super User” permission allows the user to act as checker for all the actions across the system.

    Otherwise, every action is associated with its own checker permission.

    Who needs this permission?

    Financial Institute’s HO level staff who act as backup for branch level approvers or State level approvers who can do approvals for different use cases.

  5. REPORTING SUPER USER: The “Reporting Super User” permission gives the user (who has inherited this permission through a role) access to view all the reports in the system.

    Who needs this permission?

    MIS team, internal IT team, support team and CXOs.

3. Select all the permission types as shown because I want the user to access all the special permissions. You can select accordingly. Finally, click on ‘Activate’ button to proceed.

4. Once you click on ‘Activate’ button, you will see a pop-up which confirms that permissions have been updated as shown.

Step 3: How to map/give permission to the user

  1. Click on the drop-down beside ‘User Access Management’ under ‘Admin Home’ and you will see different options as shown. Then click on the ‘Users’ option.

2. Once you click on ‘Users’ option, you will see the below screen. Click on ‘Add User’ button to create a new user.

3. Once you click on ‘Add User’ button, you will see the below screen. Fill all the mandatory fields as required. In ‘Permission Groups’ field under ‘Add Permission Groups’ section, you will get various options to choose from as shown. Select the user role which you created in Step 1 (I will select ‘Special User’). You will also get option to delete the permission group added by you (by clicking on the bin icon present beside the selected permission group). Then, click on ‘Submit’ button.

4. Once you click on ‘Submit’ button, you will see the below screen which shows that the permissions have been successfully assigned/mapped to the user as shown.

How to view the permissions assigned to a particular role

  1. To view the permissions assigned to any particular role, you need to run the below query:

Query:

-- Replace 8 in the WHERE clause with the Id of the role you want to inspect
SELECT
m.id 'Role Id',
m.name 'Role Name',
mm.grouping 'Permission Group',
mm.code 'Permission'
FROM m_role m
LEFT JOIN m_role_permission mp ON mp.role_id=m.id
LEFT JOIN m_permission mm ON mm.id=mp.permission_id
WHERE m.id=8;

2. Once you run the query, you will be able to view all the permissions assigned to any particular role as shown in the below screen (For example: I have created a role named: ‘test report’. Now, when I run the query, I can view all the permissions assigned to the role named: ‘test report’).
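
As an added example (not part of the Finflux manual), the single-role query above can be generalised into an audit that lists every role holding a permission from the ‘Special’ category described in Step 2. The table and column names are those of the query above; the grouping value 'special' and the permission codes ALL_FUNCTIONS and BYPASS_EOD_PROCESS are assumptions about how the category and permissions are stored, so confirm them against m_permission first.

```sql
-- Added audit example, not from the Finflux manual.
-- Assumptions: special permissions are stored with grouping = 'special', and the
-- codes below match the stored values. Check the real values first with:
--   SELECT DISTINCT p.grouping, p.code FROM m_permission p;

SELECT
    m.id   AS role_id,
    m.name AS role_name,
    -- how many distinct special permissions the role carries
    COUNT(DISTINCT mm.code) AS special_permission_count,
    -- the special permissions themselves, as one readable list
    GROUP_CONCAT(DISTINCT mm.code ORDER BY mm.code SEPARATOR ', ') AS special_permissions,
    -- 1 when the role can perform every action in the system
    MAX(CASE WHEN mm.code = 'ALL_FUNCTIONS' THEN 1 ELSE 0 END) AS has_all_functions,
    -- 1 when the role can skip the End-of-Day process
    MAX(CASE WHEN mm.code = 'BYPASS_EOD_PROCESS' THEN 1 ELSE 0 END) AS has_bypass_eod
FROM m_role m
-- inner joins: only roles that actually hold a special permission are returned
JOIN m_role_permission mp ON mp.role_id = m.id
JOIN m_permission mm ON mm.id = mp.permission_id
WHERE mm.grouping = 'special'
GROUP BY m.id, m.name
-- broadest roles first, so they are reviewed first
ORDER BY has_all_functions DESC, has_bypass_eod DESC, special_permission_count DESC, m.name;
```

Roles returned with has_all_functions = 1 after go-live are the ones to check against the ‘Who needs this permission?’ guidance in the Special Permissions section.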