Creating smart investigate for payments security levels
Within an organization,business requirements may dictate that users be restricted from viewing or working on assignments. Smart Investigate for Payments has four security levels that you can use to define what work objects or assignments users can access.
The criteria for deciding the level of access restriction are a user’s assigned role, operational unit (for example, branch), and business area (for example, Payments) related to the investigation case. Client requirements may use one or more criteria, with the significance and order of each carrying varying weights.
Smart Investigate for Payments provides a fully customizable set of rules that allow organizations to restrict or prohibit access based on multiple layers of security. Three of the rules must be assigned to an individual user, and a fourth is based on the user’s access group.
The security levels assigned to users are defined in their Data-Admin-Operator-Security profiles. This table illustrates typical business segmentation for security levels.
Level | Definition | Example |
1 | Financial institution | Bank name(one or many for a multi-bank scenario) |
2 | Division offinancial institution | Either branch orbusiness area |
3 | Furtherdivision of level 2 | Either branch orbusiness area |
4 | Furtherdivision of level 3 | Ateam within a branch or business area |
Worklist orWorkbasket | Lowest division ofwork | An individual operatoror workbasket within a team |
An initial task in the deployment of Smart Investigate for Payments is the definition of a business model. The business model defines how the levels will be used and what values each level will contain. These levels are then defined in the system prior to being assigned to a user.
The following steps are required to deploy the Smart Investigate for Payments security solution:
- Configure security levels 1, 2, and 3
- Define evaluation logic for the decision tree rule SetSecurityAccessMode (of type Rule- Declare-DecisionTree)
- Define the decision table rule SetLevel1Instance (of type Rule-Declare-DecisionTable)
- Set initial Security instances (of type Data-Admin-Operator-Security):
- Verify that Data-Admin-Operator-Security instances reference the activity SIOperatorLogon
- Update class-based Rule-Obj-Validate(that is, MyCoSI)
Previous topic Security configuration components Next topic Configuring level 1 security