Roles (Permission Groups) and Permissions

Owned by Former user (Deleted)
Last updated: Oct 08, 2020 by Nayan Ambali
6 min read

At Finflux we understand Banking and Finance business needs a robust mechanism to protect customer data, transactions and prevent any potential frauds, to achieve the highest level of safeguard, Finflux platform offers Roles and Permissions. Using Roles and Permissions, the admin can provide fine-grained control of how a user can use the Finflux platform (what user can view, what actions user can do in the platform).

Understanding the use of Roles (Permission Group) and Permissions

As Financial institutions, there are many types of Finflux platform users and third-parties that need access to Finflux, in all these cases the operations and data scope required for those users are different. Roles (Permission Group) and Permissions helps defined permission scope in these scenarios.

Use case 1 : ABC Finserv management and operation team wants to appoint a collection agency, now the collection agency wants to provide their collection agents access to Finflux to get the collection details on daily basis.

The request comes to ABC Finserv IT department, stating that they need to create 25 users for the collection partner agents, now the internal IT department needs to think, what roles need to assign to these agent users.

IT team analyse the requirements and makes a list of information and actions that the collection agent need from Finflux

  • Customer basic information and contact details

  • Loan basic details

  • Demand report and Collection summary report

  • Record repayments

Step 1. Identify the new roles (permission groups) required

ABC Finserv IT admin login to Finflux platform, navigate to admin > system > roles and permission, identifies is there any relevant roles that can be reused and how many new roles (permission groups) need to create

It is better to create multiple roles, each of these roles have logical roughing of permissions to perform some meaningful activities in the Finflux platform. The system allows to create one role that can provide all the permission required for the user

Example for improper definition: Role name as “loan officer” and provide all the access require by the loan officer under the single role

Example for better definition: Create multiple roles like, “client basic info - read-only”, “client basic info - all activities”, “loan origination”, “loan underwriting and approval“, “loan repayments, single and bulk“, “reports-field staff”, “report-branch manager”, “report-finance & accounting”, “manage users”

 

There is already a role (permission group) called “client basic info (read-only)” that can be used to provide access to view client information, but there are no roles (permission group) for “loan basis info nor for “reports” and enter “repayment transactions” related

Step 2 : Create the new role

In previous step we identified that three new roles (permission groups) are required [loan basis info, reports-custom, repayment transactions ]

Let’s begin to create those roles, we understand the three roles need to be created, we will create one by one

Defining ‘Repayment transactions’ role: Before we begin creating the role (permission group), we should identify what are the operations we want to allow through this role (permission group). We are creating this role to provide user to enter repayment in the system, there are two ways to enter repayments, either using collection sheet (Individual collection sheet or Group collection sheet) or using a repayment option at the loan level, then this role requires permission to fetch collection sheet, fetch repayment template and submit repayment through collection sheet or at each loan level.

Now we are good to go ahead and create a new role in the system

Login to Finflux platform, navigate to admin > system > roles and permission then click on “add role”

 

 

 

 

Field Name

Description

Name

Name of the Role, the same name will appear in when assigning roles to user

Description

Write the description of the role

Operational Start Time

Using Operational Start Time and End time one can control during what time period the role is active, if the user tries to perform actions those need these permissions then the user can’t do before this time

Operational End Time

Using Operational Start Time and End time one can control during what time period the role is active, if the user tries to perform actions those need these permissions then the user can’t do after this time

Role based limitation

In case this role has permission to do loan approvals, then this option decides what is loan approval limit for this role, otherwise this field has no significance

Enter the details and click on submit

 

Step 2 : Edit permission associated with the role

Click on “edit”

 

now it is time to find permissions related to this role, as discussed earlier we want to assign permission to ‘read collection sheet’, ‘submit collections sheet’, ‘read loan repayment due’ and ‘submit the repayment’

 

 

Special permissions

Finflux platform has set of special permissions to ease the creating some special purpose permission groups, in this document we will understand what are those special permissions and when we need them

System has four spacial permissions

ALL FUNCTIONS
ALL FUNCTIONS READ
CHECKER SUPER USER
REPORTING SUPER USER

 

 

ALL FUNCTIONS :

“All Functions” permission provides access to the user (“who has inherited this permission though role“) to view all the data and screens in the application and as well as perform all the actions in the system

Who needs this permissions?

Ideally this permission is used only during the initial setup of the system and assigned to the Finflux users who are doing the configuration and setup of the system, it is not recommended to use this permission post go live (post production)

ALL FUNCTIONS READ :

“All Function Read“ permission provides access to the user (“who has inherited this permission though role“) to view all the data and screens in the application.

Who needs this permissions?

This permission is useful to users like auditors, internal support team, and financial institution’s IT team

CHECKER SUPER USER:

“Checker Super User“ as name suggest, this permission provides the user to act as checker for all the actions across the system.

Otherwise, every action is associated with it’s own checker permission

Who needs this permissions?

Financial Institutes’s HO level staff who act as backup for branch level approvers or State level approvers who can do approvals for different use cases

REPORTING SUPER USER

“Reporting Super User“ permission provides access to the user (“who has inherited this permission through a role“) to view all the reports in the system.

Who needs this permissions?

MIS team, internal IT team, support team and CXOs

 

Related articles

 

Related topics

  • Users

  • Audit Trail

  • Two Factor authentication

  • Password Policy

  • Captcha for Login

  • Data Scope