Roles (Permission Groups) and Permissions
At Finflux we understand that banking and finance businesses need a robust mechanism to protect customer data and transactions and to prevent potential fraud. To achieve the highest level of safeguard, the Finflux platform offers Roles and Permissions. Using Roles and Permissions, the admin can exercise fine-grained control over how a user can use the Finflux platform (what the user can view and what actions the user can perform).
Understanding the use of Roles (Permission Group) and Permissions
In financial institutions, there are many types of Finflux platform users and third parties that need access to Finflux, and the operations and data scope required differ for each of them. Roles (Permission Groups) and Permissions help define the permission scope in these scenarios.
Use case 1: The ABC Finserv management and operations team wants to appoint a collection agency, and the collection agency wants to give its collection agents access to Finflux to get the collection details on a daily basis.
The request comes to the ABC Finserv IT department, stating that 25 users need to be created for the collection partner's agents. The internal IT department now needs to decide which roles to assign to these agent users.
The IT team analyses the requirements and makes a list of the information and actions that the collection agents need from Finflux:
Customer basic information and contact details
Loan basic details
Demand report and Collection summary report
Record repayments
Step 1. Identify the new roles (permission groups) required
The ABC Finserv IT admin logs in to the Finflux platform, navigates to admin > system > roles and permission, and identifies whether there are any relevant roles that can be reused and how many new roles (permission groups) need to be created.
Although the system allows creating a single role that provides all the permissions a user requires, it is better to create multiple roles, each with a logical grouping of permissions needed to perform some meaningful activity in the Finflux platform.
Example of an improper definition: a role named “loan officer” that provides all the access required by the loan officer under a single role.
Example of a better definition: create multiple roles such as “client basic info - read-only”, “client basic info - all activities”, “loan origination”, “loan underwriting and approval”, “loan repayments, single and bulk”, “reports-field staff”, “report-branch manager”, “report-finance & accounting”, “manage users”.
There is already a role (permission group) called “client basic info (read-only)” that can be used to provide access to view client information, but there are no roles (permission groups) for “loan basis info”, for “reports”, or for entering “repayment transactions”.
Step 2: Create the new role
In the previous step we identified that three new roles (permission groups) are required [loan basis info, reports-custom, repayment transactions].
Let’s begin creating those roles. Three roles need to be created, and we will create them one by one.
Defining the ‘Repayment transactions’ role: Before we begin creating the role (permission group), we should identify the operations we want to allow through it. We are creating this role to allow the user to enter repayments in the system. There are two ways to enter repayments: using a collection sheet (Individual collection sheet or Group collection sheet) or using the repayment option at the loan level. This role therefore requires permission to fetch the collection sheet, fetch the repayment template, and submit repayments through the collection sheet or at the loan level.
Now we are ready to create the new role in the system.
Log in to the Finflux platform, navigate to admin > system > roles and permission, then click on “add role”.
Field Name | Description |
---|---|
Name | Name of the role; the same name will appear when assigning roles to a user |
Description | Write the description of the role |
Operational Start Time | Operational Start Time and Operational End Time control the period during which the role is active. A user cannot perform actions that need this role’s permissions before this time |
Operational End Time | Operational Start Time and Operational End Time control the period during which the role is active. A user cannot perform actions that need this role’s permissions after this time |
Role based limitation | If this role has permission to do loan approvals, this option sets the loan approval limit for the role; otherwise this field has no significance |
Enter the details and click on submit.
Step 3: Edit permissions associated with the role
Click on “edit”
Now it is time to find the permissions related to this role. As discussed earlier, we want to assign the permissions to ‘read collection sheet’, ‘submit collections sheet’, ‘read loan repayment due’ and ‘submit the repayment’.
Special permissions
The Finflux platform has a set of special permissions that ease the creation of some special-purpose permission groups. In this document we will look at what those special permissions are and when they are needed.
The system has four special permissions:
ALL FUNCTIONS
ALL FUNCTIONS READ
CHECKER SUPER USER
REPORTING SUPER USER
ALL FUNCTIONS:
The “All Functions” permission allows the user (who has inherited this permission through a role) to view all the data and screens in the application as well as perform all the actions in the system.
Who needs this permission?
Ideally, this permission is used only during the initial setup of the system and is assigned to the Finflux users who do the configuration and setup of the system. It is not recommended to use this permission post go-live (post production).
ALL FUNCTIONS READ:
The “All Functions Read” permission allows the user (who has inherited this permission through a role) to view all the data and screens in the application.
Who needs this permission?
This permission is useful to users like auditors, the internal support team, and the financial institution’s IT team.
CHECKER SUPER USER:
The “Checker Super User” permission, as the name suggests, allows the user to act as checker for all the actions across the system.
Otherwise, every action is associated with its own checker permission.
Who needs this permission?
The financial institution’s HO-level staff who act as backup for branch-level approvers, or state-level approvers who can do approvals for different use cases.
REPORTING SUPER USER:
The “Reporting Super User” permission allows the user (who has inherited this permission through a role) to view all the reports in the system.
Who needs this permission?
MIS team, internal IT team, support team and CXOs.
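A simplified model of the checks described above (roles as small permission groups, the Operational Start/End Time window, and the special permissions), added here as an illustration; it is not Finflux code or the Finflux API. The permission codes, the `READ_` prefix convention, the user names and the window times are constructed for the example.

```python
from dataclasses import dataclass
from datetime import time
from typing import Optional

# The four special permissions named on this page.
SPECIAL = {"ALL FUNCTIONS", "ALL FUNCTIONS READ",
           "CHECKER SUPER USER", "REPORTING SUPER USER"}

@dataclass
class Role:
    name: str
    permissions: frozenset
    start: Optional[time] = None  # Operational Start Time
    end: Optional[time] = None    # Operational End Time

    def active_at(self, now):
        # Assumption: the window does not wrap past midnight.
        if self.start is not None and now < self.start:
            return False
        return self.end is None or now <= self.end

def is_allowed(roles, permission, now):
    """True if any role active at `now` grants `permission`."""
    for role in roles:
        if not role.active_at(now):
            continue
        if permission in role.permissions or "ALL FUNCTIONS" in role.permissions:
            return True
        # Assumption: read permissions carry a READ_ prefix.
        if permission.startswith("READ_") and "ALL FUNCTIONS READ" in role.permissions:
            return True
    return False

def audit_special(assignments):
    """(user, role, special permission) triples to review periodically."""
    return [(user, role.name, perm)
            for user, roles in sorted(assignments.items())
            for role in roles
            for perm in sorted(role.permissions & SPECIAL)]

# Constructed sample data: hypothetical permission codes for use case 1.
AGENT_ROLES = [
    Role("client basic info (read-only)", frozenset({"READ_CLIENT"})),
    Role("repayment transactions",
         frozenset({"READ_COLLECTIONSHEET", "SUBMIT_COLLECTIONSHEET",
                    "READ_REPAYMENT_DUE", "SUBMIT_REPAYMENT"}),
         start=time(9, 0), end=time(18, 0)),
]
ASSIGNMENTS = {"agent01": AGENT_ROLES,
               "setup_admin": [Role("initial setup", frozenset({"ALL FUNCTIONS"}))]}
```

Running `audit_special(ASSIGNMENTS)` surfaces the `setup_admin` assignment of ALL FUNCTIONS, the kind of grant this page recommends against after go-live.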
Related topics
Users
Audit Trail
Two Factor authentication
Password Policy
Captcha for Login
Data Scope