Revision History
Name: Rahul Ganjave; Date: 18/08/2013; First draft; Reviewed: Rahul Jayaraman; Version: 0.1
Name: Mukesh Singh; Date: 04/07/2013; Second draft; Reviewed: Radhkrishan Barre/Derrick; Version: 0.2
INTRODUCTION
This document explains the Middleware's Access Control module, which involves creating roles,
assigning permissions to every role and restricting data access for a user.
CREATION OF ROLES
The Middleware is hard-coded with one static role called Admin and UAM, which as a super-user has
rights to all features.
The Admin and UAM is responsible for creating other roles in the system.
The Middleware ships with the following pre-seeded roles.
Document Name:
User Access Management
Page 2 of 8
November 5, 2014
[Figure: role hierarchy chart. Roles shown: Admin, UAM, NCM, RCM, ACM, CLM, Agency Owner, Agency Sup., Collection Agent]
CREATION OF USER
A standard KYC form is filled in by the Admin and UAM when a user is created. A maker-checker
process will be introduced at user creation. Any UAM user other than the requesting UAM can
approve a user creation request. After creation, the user will receive an email with a
unique link to a page where he can set his password. The link is made unique by means of a
password token which is part of the URL. Multiple users can also be created in the system by
uploading an Excel sheet.
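The maker-checker approval and the password-token link described above, as an added Python example that is not part of the original document or the Middleware's code. The class and method names, the placeholder host, the 24-hour lifetime and the single-use rule are assumptions; the page only states that another UAM must approve and that the token is part of the URL.

```python
import hashlib
import secrets

TOKEN_TTL = 24 * 3600  # assumption: the page does not state a link lifetime
BASE_URL = "https://middleware.example/set-password/"  # placeholder host

class UserCreation:
    def __init__(self):
        self.pending = {}  # username -> UAM who raised the request (maker)
        self.tokens = {}   # sha256(token) -> (username, expiry); raw token is never stored

    def request(self, username, maker):
        self.pending[username] = maker

    def approve(self, username, checker, now):
        maker = self.pending[username]
        if checker == maker:
            raise PermissionError("maker cannot approve own request")
        del self.pending[username]
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        digest = hashlib.sha256(token.encode()).hexdigest()
        self.tokens[digest] = (username, now + TOKEN_TTL)
        return BASE_URL + token  # sent to the new user by email

    def redeem(self, token, now):
        """Return the username the link belongs to, or None. Single use."""
        digest = hashlib.sha256(token.encode()).hexdigest()
        entry = self.tokens.pop(digest, None)  # pop: a link works only once
        if entry is None or now > entry[1]:
            return None
        return entry[0]
```

Storing only the digest means a read of the token table does not yield usable links.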
A standard Role (e.g. NCM, RCM, etc.) can be created by the Admin and UAM with
specified rights. These created roles can be offered as an option at the time of user creation,
and the user gets the default rights of the role assigned to him. Role rights can be modified at
the time of user creation. Only the report view right can be modified.
When a user is created, he must be assigned a Role. A user can have only one role at any
point in time. User creation and assignment of a Role are managed by the Admin and UAM.
PERMISSIONS
Every Role in the middleware can be assigned features through permissions. A user can
access only those features which have been assigned to his role. The following is an
indicative list of features which the middleware would provide.
At every Agency Supervisor role creation, an agency code will be assigned. An Agency Supervisor
may report to multiple CLMs for the same or different loan products. A Supervisor can create/remove
Collection Agents. Creation and removal of an agent is authenticated by the maker-checker
process. The approval option will be displayed to all the CLMs he reports to.
CLM ROLE
At the time of CLM creation, the CLM will be mapped to his respective ACM. A CLM will report to a
single ACM. Multiple Agency Supervisors can be mapped to a CLM. A CLM can view and confirm
all types of approval of the supervisors reporting to him. A CLM can see all types of report,
containing only data related to him.
The Agency Owner role has multiple Agency Supervisors reporting to it. The Agency Owner can view all
reports and approvals.
ACM ROLE
At the time of ACM creation, the ACM will be mapped to his respective RCM. CLM will report to a
single RCM. Multiple CLMs can be mapped to an ACM. An ACM can see all types of report,
containing only data related to the CLMs mapped to him.
RCM ROLE
At the time of RCM creation, the RCM will be mapped to his respective NCM. ACM will report to a
single NCM. Multiple ACMs can be mapped to an RCM. An RCM can see all types of report,
containing only data related to the ACMs mapped to him.
NCM ROLE
At the time of NCM creation, the NCM will be mapped to Admin. Multiple RCMs can be mapped to an NCM.
An NCM can see all types of report, containing only data related to the RCMs mapped to
him.
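One way to enforce the report scoping described in the CLM, ACM, RCM and NCM sections, as an added Python example that is not part of the original document. It assumes "data related to" a user extends transitively down the reporting chain, which goes beyond the one-level wording above; the user names, the mapping and the report rows are constructed sample data.

```python
from collections import defaultdict

# Constructed sample mapping: user -> the user(s) he reports to.
REPORTS_TO = {
    "ncm1": ["admin"],
    "rcm1": ["ncm1"], "rcm2": ["ncm1"],
    "acm1": ["rcm1"], "acm2": ["rcm2"],
    "clm1": ["acm1"], "clm2": ["acm1"], "clm3": ["acm2"],
    "sup1": ["clm1", "clm2"],  # a supervisor may report to multiple CLMs
    "sup2": ["clm3"],
    "agent1": ["sup1"], "agent2": ["sup2"],
}

# Constructed sample report rows, each owned by the agent who collected.
ROWS = [
    {"owner": "agent1", "amount": 500},
    {"owner": "agent2", "amount": 900},
]

def subordinates(user, reports_to=REPORTS_TO):
    """Everyone below `user` in the reporting graph (direct or indirect)."""
    children = defaultdict(set)
    for sub, managers in reports_to.items():
        for manager in managers:
            children[manager].add(sub)
    seen, stack = set(), [user]
    while stack:
        for child in children[stack.pop()]:
            if child not in seen:  # also guards against a mis-mapped cycle
                seen.add(child)
                stack.append(child)
    return seen

def visible_rows(user, rows=ROWS):
    """Filter on the server side: rows owned by the user or his subordinates."""
    scope = subordinates(user) | {user}
    return [row for row in rows if row["owner"] in scope]
```

The filter is computed from the stored mapping for the logged-in user, never from a scope value supplied in the request.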
[Feature chart. Column headings: MGMT., REPORTS, ACTIONS]
Items shown: Masters; Machine Control; Logs; HHT Master; Role Master; OTP Lookup; User Management; User Creation; User Permissions; Map User to Agency; Remapping User; Requests; Collection Executive Enrollment Request; Business Rule Modification Request; Approval Level 1; Machine Reports; Collection Executive Enrollment; Business Rule Modification; Approval Level 2; Collection Executive Enrollment; Business Rule Modification; Allocation; Allocation Trail; Allocation Summary; Re-Allocation Trail; De-Allocation Trail
PASSWORD EXPIRY
A user's password would expire after a certain period of time which would be configurable.
The system would ship with a default expiry of 30 days which can be changed by the admin.
USER STATES
All Users can be disabled or deleted by the Admin along with a reason. The pre-seeded
Admin user cannot be disabled, locked or deleted.
Disabled/Locked users can be activated again by the Admin user along with a reason.
The process of disabling/locking/deleting/re-activating a user would be logged & a trail would
be maintained.
Any user who does not log in for a specific period of time would be disabled. The period is
configurable & can be changed by the Admin.
Also, a user would be locked after a certain number of unsuccessful login attempts. The number
of attempts would be configurable and can be changed by the Admin.
SESSIONS
Sessions are stored in the database & a trail is maintained. While a user is logged in, he
may not log in using another session from any browser or system.
Sessions expire after a pre-defined amount of time which is configurable by the Admin user.
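The rules in USER STATES and SESSIONS combined into one login gate, as an added Python example that is not part of the original document or the Middleware's code. The class name, the three limits and the in-memory dictionaries (standing in for the database tables) are assumptions; the page says only that these values are configurable.

```python
import secrets

MAX_ATTEMPTS = 3               # assumption: configurable, page gives no default
INACTIVITY_LIMIT = 90 * 86400  # assumption: configurable, in seconds
SESSION_TTL = 15 * 60          # assumption: configurable, in seconds
PRESEEDED_ADMIN = "admin"

class LoginGate:
    def __init__(self, users, now):
        self.state = {u: "active" for u in users}
        self.failures = {u: 0 for u in users}
        self.last_login = {u: now for u in users}
        self.sessions = {}  # user -> (session id, expiry); stands in for the DB table
        self.trail = []     # (time, actor, user, new state, reason)

    def set_state(self, user, state, actor, reason, now):
        if user == PRESEEDED_ADMIN and state != "active":
            return False  # pre-seeded Admin cannot be disabled, locked or deleted
        self.state[user] = state
        self.failures[user] = 0
        if state == "active":
            self.last_login[user] = now  # restart the inactivity clock
        else:
            self.sessions.pop(user, None)  # drop any live session
        self.trail.append((now, actor, user, state, reason))
        return True

    def login(self, user, credential_ok, now):
        """credential_ok is the result of the password check, done elsewhere."""
        if self.state.get(user) != "active":
            return None
        if now - self.last_login[user] > INACTIVITY_LIMIT and self.set_state(
                user, "disabled", "system", "inactivity", now):
            return None
        if not credential_ok:
            self.failures[user] += 1
            if self.failures[user] >= MAX_ATTEMPTS:
                self.set_state(user, "locked", "system", "failed logins", now)
            return None
        if self.sessions.get(user, ("", 0))[1] > now:
            return None  # a live session exists; no second concurrent login
        self.failures[user] = 0
        self.last_login[user] = now
        sid = secrets.token_urlsafe(16)
        self.sessions[user] = (sid, now + SESSION_TTL)
        return sid
```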