Security Management System User Manual
Contents
1. After successful authentication and authorization of the user is carried out by the LDAP Oracle Internet Directory a request is forwarded to gain access into Oracle FLEXCUBE On clicking the Submit button you can directly get into Oracle FLEXCUBE without specifying Oracle FLEXCUBE user id and password 2 47 ORACLE 3 Associated Functions 3 1 Clearing a User ID When a User logs into the system the system maintains a record of the user with the date and time of login On a successful normal log out this record gets deleted Occasionally you may come across a situation when a user who is logged into the system is forced out However the ID of the user still continues to have a status of Currently Logged In In such a situation the user will not be allowed to log in to the system again Such User IDs can be cleared through the Clear User Profile screen The Ids of the users currently logged into the system for that branch will be displayed You can invoke this screen by typing CLRU in the field at the top right corner of the Application tool bar and clicking on the adjoining arrow button e Clear User Web Page Dialog iot dk bl Goto Page Records Oo Branch Code User Id From Session OFSSCAAUTHIO OFSSCAAUTHS OFSSCAMAKS OFSSCLAUTHF OFSSCLAUTHY OFSSCLMAKS OFSSCLMAKE OFSSCLMAKE OFSSCLMAKS OFSSCOMAKIO OFSSCOMAK4 OFSSFTMAK OFSSFTIMAKA OFSSFTIMAKS OFSSFXAUTH4 Y Y Y Y Y Y Y Y Y Y Y2. e Allowed 2 14 ORACLE e Disallowed Choose the Allowed option to maintain an allowed list and the Branch Restrictions list will show the list of allowed branches Choose the Disallowed option to maintain a disallowed list of branches If you maintain an Allowed list then the role profile will be available only for those branches that you specify in the Branch Restrictions list Similarly if you maintain a Disallowed list then the role profile will not be available only for those branches that you specify in the Branch Restrictions list After choosing either the Allowed or Disallowed option click add icon to add a record under the Branch Restrictions list Into each added record field select the required branch from the adjoining option list 2 6 4 Account Class Restriction You can restrict the role from using certain account classes that are maintained in Oracle FLEXCUBE Click Acc Class Restriction to specify the account class restrictions The Account Class Restriction screen is displayed E Account Class Restriction Web Page Dialog Account Class Restriction f Allowed f Disallowed Account Class Restrictions E Account Class Description You can either allow or disallow association of the role with certain account classes Subsequently specify the account classes which have to be restricted for the role After choosing the Allowed or
3. SMDUSHOL in the field at the top right corner of the Application tool bar and clicking on the adjoining arrow button The User Holiday Maintenance screen is shown below A User Holiday Maintenance Web Page Dialog Branch Code CHO User ID MAHADEY Leave From 4442009 sc Leave To 11402009 Remarks Leave E open Maker Date Time Mod Mo WB Authorized Checker Date Time 2 21 ORACLE Specify the following details Branch Code The branch code of the user selected in the User ID field is displayed here User ID Specify the user ID of the user for whom you want to define the holiday period The adjoining option list displays all the valid user profiles maintained in the system You can select the appropriate one Leave From Select the start date for the holiday period from the adjoining calendar Leave To Select the end date for the holiday period from the adjoining calendar The user will not be allowed to log in within the specified holiday range Remarks Specify a brief description for the holiday You can maintain multiple holiday slots for a user but the system will not allow including a specific day in more than one slot 2 9 Viewing Holiday Summary Details You can view holiday periods maintained for any user profile in the Users Holiday screen You can also invoke this screen by typing SMSUSHOL in the field at the top right corner of the Application tool bar and clicking on the a
4. Disallowed option click add icon to add a record under the Account Class Restrictions list Into each added record s field select the required account class from the adjoining option list 2 15 ORACLE 2 6 5 Rights For a role profile you can specify the necessary rights to perform various operations in respect of incoming and outgoing messages in the Messaging module of Oracle FLEXCUBE You can grant specific permissions for operations on messages as well as allot the messaging queues to which the role has access In the Role Maintenance screen click Rights button to open the Rights screen Here you can grant the rights pertaining to the Messaging module to the role Rights Web Page Dialog Grant Rights GIWEUES El Cancel C Change Mode C Release w Change Media F Branch Move Hold Test Input El Change Address C Feinstate C Change Priority C Auth Cancel C Auth Change Mode EI Auth Release C Auth Change Media C Auth Move Branch Auth Hold C Auth Test Input C Auth Change Address TT aueue C Auth Restate all Auth Change Priority El Generate Test Check C Link Contract ET Change Branch In C Change Meg D Chg Force Release Fund Suppress C Delete Print C FT_Upload Move To Queue El Change Address In Fi Auth Change Meg Auth Rights F Chg Force Cover Match F l Check against the messaging operati
5. For those functions you can revoke the applicability of automatic authorization if required It is not possible to indicate the applicability of automatic authorization for any other functions than those pre shipped functions configured for your installation Head Office Function Check this box to enable the Function to be handled only by the users of the Head Office Users of the other branches would be only allowed to view the Function 2 5 1 1 Defining the Menu The Oracle FLEXCUBE menu can be defined in the Function Description section You can define menu appearance for a given Language The Menu can only be drilled down up to two sub menu levels Example For Language Code ENG if the Main menu value is given as Security Management Sub Meu as Maintenance and Sub Menu2 as Function Description for Function id SMDFNDSC then on the Oracle FLEXCUBE menu it would appear as follows El Security Management Maintenance E ErriMesg Maintenance BR Bank Parameters BR Function Description E Language Code El Registry O SE Admin Role Limita 2 6 Defining a User Role It is likely that users working in the same department at the same level of hierarchy need to have similar user profiles In such cases you can define a Role Profile that includes access rights to the functions that are common to a group of users A user can be linked to a Role Profile by which you give the user access rights to all the funct
6. SMDUSALR in the field at the top right corner of the Application tool bar and clicking on the adjoining arrow button 2 User Alerts Maintenance Webpage Dialog See Oo UserID Sequence No Alert Type Message Status Cancel The following details are captured here User ld Specify the id of the destination user to whom the message has to be sent Sequence No Specify the sequence number of the message that you are defining Alert Type Specify the alert type as Information Message Specify the message that has to be sent to the destination user Status Specify the status of the message as any of the following e P Processed e U Unprocessed After defining the message click Exit button to exit from the screen For more details on how the destination user can view the alert messages refer section titled Unprocessed Alerts in the chapter Getting Started with Oracle FLEXCUBE in Procedures User Manual 2 46 ORACLE 2 12Single Sign On SSO Enabled Environment Provided you have opted for the SSO Enabled option at bank level you can log in from an LDAP Oracle Internet Directory external system into Oracle FLEXCUBE through the screen shown below E FLEXCUBE UBS Version 10 3 0 0 0 0 0 0 Login Microsoft Internet Explo ORACLE FLEXCUBE User ID UNIVERSAL BANKING Password Theme Default Y ORACLE Copyright o 2009 Oracle andior its affiliates All rights resened
7. 5 4 ING SB TORT eene 5 5 5 4 1 Contents of the Changes Report cccccccccccccce cece aaa eae aa eae ees 5 6 5 5 INACTIVE USERS AGING ANALYSIS REPORT cccccceccccsscccscccescccessccceececeessseecseecseuscssesessueceuuecesensesensess 5 7 5 5 1 Contents of the Inactive Users Aging Analysis Reno 5 7 5 6 INACTIVE USERS LOG bro 5 7 5 6 1 Contents of the Inactive Users Log Report 5 8 ORACLE 1 About this Manual 1 1 Introduction This Manual is designed to help you to quickly get familiar with the Security Management System SMS module of Oracle FLEXCUBE It provides an overview of the module and takes you through the various stages in setting up and using the security features that Oracle FLEXCUBE offers Besides this User Manual you can find answers to specific features and procedures in the Online Help which can be invoked by choosing Help Contents from the Help Menu of the software You can further obtain information specific to a particular field by placing the cursor on the relevant field and striking lt F1 gt on the keyboard 1 1 1 Audience This Manual is intended for the following User User Roles Oracle FLEXCUBE To set up the initial startup parameters in the individual client Implementers workstations To set up security management parameters for the Bank SMS Administrator for To set the SMS bank parameters the Bank To identify the Branch level SMS Administrators SMS Administrator for To cre
8. Application tool bar and click on the adjoining arrow button system will check for the mapped function id and will launch that function id screen Tanking Required Check this box to indicate that the maintenance records that are created or modified in the system for the function Id specified here need to be tanked till they get authorized The new or the modified records are written to the static tables only after authorization For more details on tanking of maintenance records refer the Core Services user manual Available Check this box to make the Function accessible in the Oracle FLEXCUBE menu The definition of the menu would be as specified in the Column at the bottom of the Function Description Maintenance screen If this box is unchecked then this screen will not be accessible from the menu even if it is selected for the Role that is assigned to the user Automatic End Of Day aware Check this box to consider the Function for an AEOD run Log Event Check this box to enable the event log for a particular Function ID Oracle FLEXCUBE maintains an extensive log of the activities of every user This can later be used for reporting on the user activities Cust Access Check this box to make the Function available to Users who are classified as Customers Auto authorization As configured for your installation according to your requirement automatic authorization is applicable for a pre shipped list of functions
9. Code CS EXRO02 Language ENG Description English Message Amount exceeds the max limit and rate reference number je null Input By SYS l Modification Number 1 kel pen Authorized By SYS RH Authorized The following details are captured here Error Code Specify a code for the error message here Language Specify the language code of the error message Description Specify the description for the language code 3 8 ORACLE Message Specify the error message that has to be displayed 3 9 1 Configuring Customized Hot Keys for Launching Screens Oracle FLEXCUBE allows you to configure Hot keys or Shortcut keys for function ids using which you can launch the function id screens without typing the function ids For this you need to map each function id to a hot key using the Hot Key Maintenance screen To invoke the Hot Keys Maintenance screen click the option Hot Keys under Options menu You invoke this screen by typing SMDHOTKY in the field at the top right corner of the Application tool bar and clicking on the adjoining arrow button Hot Keys Maintenance Webpage Dialog USER ID HIMESH Hot Key Details CLRU 2 LCDPRMNT 3 BCDCONON 4 MSDHR 5 STRCIF 6 1402 AMDCAQAU 5 CLDINADT 9 DEDBRCON Cancel The following details are captured in this screen User Id The id of the user who has logged in is displayed here Hot Key Details Here you can map a fu
10. Role will be made applicable You can select the branch from the option list available You can attach only one Limits Role to a branch Further if you choose not to attach a Limits Role to a particular branch the system will not validate the limits in that branch Limits Role All the Limits Roles maintained at your bank will be displayed in the option list You can select the Roles you wish to link to the user profile On selection of the Role the following details get defaulted e Limits Currency e Input Limit e Authorization Limit STOP For Journal Single and Multi Offset and Teller transactions the check will be performed on each individual transaction i e each debit and credit entry No Limits Select the No Limits option to place no restrictions on the user The user will be allowed to specify any amount during transaction processing Likewise users with authorization rights will be allowed to authorize transactions without any restrictions on the amount involved in the transaction 2 10 10 Branches To specify the branches from which the Staff and Branch users of the bank can operate you must use the Branches screen Click Branches button in the User Maintenance screen and Branches screen will be displayed as shown below Branches Web Page Dialog Branch Restriction Ce Allowed f Disallowed Branches L Branch Branch Name You can maintain a list of branches to which the
11. The field Status Changed on displays the date and time when the Status of the User was last changed Customer Number For User Profiles of your choice Oracle FLEXCUBE allows you to restrict the viewing and printing of Balances in case of accounts and financial details of contracts involving customers who also happen to be employees of your bank In order to enable this option while creating the User Profile of the employee you can link the customer number CIF ID of the employee with the User ID Tax Identifier Specify the tax identifier code of the customer to monitor Anti Money Laundering activities A user with restricted access will not be able to view print details of contracts involving the product in all Contract Functions and Contract Summary screens for the following modules e Teller e Retail Teller e Clearing e Utility Payments e Funds Transfer e Payment and Collections 2 25 ORACLE e The Contract Online and Cycle Due screen of SI e Foreign Exchange online and payment e The Contract Online Value Dated Amendments and Payments Input screens of MM e The Contract Online put Value Dated Amendments Payments Input and Loans Assignment screens of LD The other functions to which the user will have restrictive rights is as follows e Ad hoc loan statement generation e Queries Accounting Entries e Customer Based Information Retrieval e Limits Overrides showing account balances e Message Browser e Pa
12. The time level in the branch has changed Your time level does not permit you to execute any functions SM 00033 The number of users currently executing functions in this module has exceeded the license limit SM 00034 This function is not available for customer access SM 00035 This function is not available for staff access SM 00036 Function ID is not correct Enter function ID again 4 1 ORACLE SM 00037 Main menu and sub menu descriptions cannot be same SM 00040 Wrong password Enter password again SM 00041 The new and confirmed passwords do not match Enter passwords again SM 00042 The password entered is restricted Try another password SM 00043 The password entered has already been used Try another password SM 00044 Length of password is less than 1 characters SM 00045 Length of password is more than 1 characters SM 00046 The password string contains special characters that are not allowed Retype password SM 00050 Control clerks passwords do not match Retype passwords again SM 00060 There are users currently logged in with a lesser time level Do you want to change SM 00070 You are currently executing some functions Exit from those functions and try again 4 2 ORACLE SM 00101 Cannot delete function There are users attached to this function SM 0011 1 Cumulative invalid logins number should be greater than 5 and less than 100 SM 00117 Password change after message no of days should be greater than 15 and le
13. Web Page Dialog Authorization Status Branch Code Leave From Records per page 15 Lock Record Status Branch Code Open CHO Open Authorization Status Authorized Authorized User ID MAHADEN Gi 008 MAHADEN OH 008 Leave From 2 44 DOLL D 2 2008 Record Status User ID MAHADEY Leave To Advanced Search Refresh 1 of 1 Reset Checker D g 2008 g 2008 Leave Ta Maker ID Maker Dt Stamp Checker ID MAHADEY 94 2008 Ky MAHADEY 94 M2008 Ky ORACLE The following details are displayed e Authorization Status e Record Status e Branch Code e User ID e Leave From e Leave To e Maker ID e Maker Date Stamp e Checker ID e Checker Date Stamp The above screen can be used only for viewing the holiday summary of the user specified in the User Holiday Maintenance screen Hence all the query fields such as Authorization Status Branch Code User ID etc will be disabled For more information about viewing holiday details for any user profile refer the section Viewing Holiday Summary Details in this document 2 10 15 Copying the User Profile of an Existing User Often you may have to create a user profile that closely resembles an existing one In such a case you can copy the existing profile on to the new one Select Copy from the Actions menu in the Application toolbar A list of existing user profiles will be displayed Click on the one you want to copy All the details
14. Y Y Select the check boxes next to the User IDs which you want to clear and then click Clear button 3 2 Changing the System Time Level The time level is allotted at two levels at the system branch level and at the user level Fora user to be able to login the time level for the user profile should be greater than or equal to that of the system The time level can be between zero and nine You can change time level of the branch by using the Change Time Level screen You can invoke this screen by typing SMDCHGTL in the field at the top right corner of the Application tool bar and clicking on the adjoining arrow button Click Users button for a display of the details of users who are currently logged in 3 1 ORACLE This screen shows a list of all users who are currently logged in and their respective Time Levels When the Time Level of the branch is changed the system validates and displays a message if the Time Level of any of the Users is lesser than that of the newly changed value These users can continue to log onto and work on the system till they log off When they try to log in back the system validates and only allows such users access whose time levels are greater than that of the system Z Change Time Level Web Page Dialog Branch Current Time Level Mew Time Level Users User Time Level isi User Identification Terminal Time Level 3 3 View Current Users The user of a branc
15. adjoining arrow button The User Maintenance screen is shown below e User Maintenance Webpage Dialog User Details User Identification OF SSFXMAKS Name OFSS FX User User Reference User Status Enabled Hold Language ENG Disabled Home Branch CHO Classification staff Customer Ho Branch Tax Identifier Status Changed On 11 30 2007 LDAP DN Last Signed On 11 30 2007 17 40 14 Time Level 9 Auto Authorisation User Password Password eee eee ee Start Date 11 30 2007 Password Changed On 11 30 2007 End Date Force Password Change Invalid Logins Cummulative Successie Restricted Password Roles Rights Functions ms Account Classes General Ledgers Limits Branches Products Disallowed Functions Users Holiday Fields Maker OFSSFXMAKE Date Time 11 30 j Modification g Authorized Checker OFSSFXAUTHS Date Time 11 30 2007 17 03 01 Number DW open You can classify the user in to two e Staff All internal users of the bank can be classified as Staff You can include any of the functions available in the system in the user profile e Branch This indicates a branch user This is used to identify a branch user and branch specific user maintenance for Branch user 2 10 1 1 Restrictions on User Profile Administration A branch administrator can create modify or delete user profiles only in the Head Office Home branch of the administrator or in those branches that are allowed for the res
16. be disabled When a User ID has been disabled the Administrator should enable it The password of a user can be made applicable only for a fixed period This forces the user to change the password at regular intervals thus reducing security risks Further you can define passwords that could be commonly used by a user as Restrictive Passwords at the user user role and bank level A user cannot use any password that is listed as a Restrictive Password at any of these levels Restricted Access to Branches You can indicate the branches from where a user can operate in the Restricted Access screen All Activities Tracked Extensive log is kept of all the activities on the system You can generate reports on the usage of the system anytime These reports give details of unsuccessful attempts at accessing the system along with the nature of these attempts It could be an invalid password attempt the last login time of a user etc Audit Trail Whenever a record is saved in the module the ID of the user who saved the record is displayed in the Input By field at the bottom of the screen The date and time at which the record is saved is displayed in the Date Time field A record that you have entered should be authorized by a user bearing a different login ID before the EOD is run Once the record is authorized the ID of the user who authorized the record will be displayed in the Authorized By field The date and time at which the re
17. etc By disallowing users from using such common passwords you can reduce the risk of somebody other than the user knowing the password Click Password Restriction button to define the list of Restrictive Passwords for the role profile you are defining Any user who is attached to the role cannot use a password in this list e Restrictive Password Web Page Dialog FPassword Restriction I PASSWORD E DE You can define only the functions that are applicable for the role and the list of Restrictive Passwords for a role All the other attributes of a user profile should be defined when the user profile is being created 2 6 7 Copying the Role Profile of an Existing Role Often you may have to create a Role Profile that closely resembles an existing one In such a case you can copy the existing profile on to the new one Select Copy from the Actions menu in the Application toolbar or click copy icon A list of existing role profiles will be displayed Click on the one you want to copy All the details of the profile except the Role ID will be copied and displayed Enter a unique Role ID You can change any of the details of the profile before saving it 2 6 8 Closing a Role Profile A Role Profile should be closed only if there are no users linked to it Thus before closing a role profile you should modify each user profile attached to it and delete the link to the role Select Close from the Actions menu
18. has to be Amount authorized by this user Branch Code The branch in which the user profile is defined Customer Name The name of the customer whose accounts can be handled by this user Restrictive Passwords The passwords defined as restrictive passwords for the user User 4 Changes Report This report gives details of maintenance done on the following screen e Static Parameters screen e Static User Profile Details screen e Dynamic User Profile Details screen e Static Role Profile Details e Static User Profile Details You can generate this report for a particular period In the Application Browser this report is available under the SM module To invoke this screen type SMRPCHLG in the field at top right corner of the Application tool bar and click the adjoining arrow button 5 5 ORACLE F 2 Report Web Page Dialog Format POF ov Output Output C Print view Spool Printer Printer 5 4 1 Contents of the Changes Report The contents of this report are discussed under the following heads Header The Header carries the title of the report information on the branch code the ID of the user who generated the report the date and time at which it was generated the branch date the modules covered in the report Body of the report The following details are displayed in the report Field Name The field that has been maintained Input by The Id of the person who input the d
19. highlighted You can then specify the rights to the different actions for the functions by checking against the action 2 35 ORACLE 2 10 6 Tills You can restrict the user from using certain tills maintained at your bank Such restrictions can be specified in the Tills screen Click Tills button to invoke the Tills screen E Tills Web Page Dialog Till Restriction Ce Allowed f Disallowed You can either allow or disallow the user from using certain tills e Select the option Allowed if you want to allow the user to manage certain tills e Select the option Disallowed to disallow the user to manage certain tills After choosing either the Allowed or Disallowed option click add icon to add a record under the Tills list Into each added field select the required Till Id by clicking the adjoining option list 2 10 7 Account Classes You can restrict the user from using certain account classes that are maintained in FLEXCUBE Click Account Classes button to specify such account class restrictions 2 36 ORACLE Account Classes Web Page Dialog Account Class Restriction Ce Allowed f Disallowed Account Classes L Account Class You can either allow or disallow the user from using certain account classes Subsequently specify the account classes which have to be restricted for the user 2 10 8 General Ledgers You can restrict the user from posting ent
20. messaging queues to which the user has access In the User Maintenance screen click Rights button to grant these rights pertaining to the Messaging module to the user 2 32 ORACLE x Rights Web Page Dialog Grant Rights Generate Hole Cancel T Test Input O Change Mode O Change Address Release Reinstate O Change Media O Change Priority Branch Move T Print Test Check Auth Hold Auth Cancel Auth Test Input Auth Change Mode Auth Change Address Auth Release Auth Restate Auth Change Media T Auth Move Branch Auth Change Priority IT FT_Upload Link Contract Move To Queue O Change Branch In Change Address In T Auth Rights O Change Meg Auth Change Meg Chg Force Cover Match O Chg Force Release Fund O Suppress Delete o Cancel Check against the messaging operations for which you want to grant the permission Granting rights pertaining to operations on messages You can grant permissions for the following operations on outgoing messages Generating a message Printing a message Placing a message on hold Releasing a message on hold Canceling a message Inserting a test word Reinstating a message e Changing the priority of a message e Requesting status of a message e Requesting cancellation of a message e Changing the media through which a message is transmitted e Changing the address to which a message is to be sent e Moving a me
21. or transmitted in any form or by any means electronic mechanical photographic graphic optic recording or otherwise translated in any language or computer language without the prior written permission of Oracle Financial Services Software Limited Due care has been taken to make this document and accompanying software package as accurate as possible However Oracle Financial Services Software Limited makes no representation or warranties with respect to the contents hereof and shall not be responsible for any loss or damage caused to the user by the direct or indirect use of this document and the accompanying Software System Furthermore Oracle Financial Services Software Limited reserves the right to alter modify or otherwise change in any manner the content hereof without obligation of Oracle Financial Services Software Limited to notify any person of such revision or changes All company and product names are trademarks of the respective companies with which they are associated
22. report are discussed under the following heads Header The Header carries the title of the report information on the branch code the ID of the user who generated the report the date and time at which it was generated the branch date the modules covered in the report 5 2 ORACLE Body of the report The following details are displayed in the report UserID The user who was involved in the security management system violation Start Time The time at which the security management system was violated The error message if any displayed by the system during validation Function The description of the function that was executed by the user which Description resulted in the violation Terminal ID The terminal ID of the terminal onto which the user was logged 5 3 User Profile Report The details of all the user profiles that have been defined are available in the form of a report The User Profile Report gives details of user profiles maintained for all or specific users It includes e The functions attached to the role e The roles to which the user is attached e Amount limits for each user e Branches in which the user can operate e Currencies the user can use e Customers the user can deal with e Restrictive passwords defined for the user To invoke the screen go to Security Maintenance on the Application Browser Click User Administration and select Current Users under it Otherwise use the code SMDCUUSR o
23. specify an allowable number for cumulative attempts between 6 and 99 and for consecutive successive attempts between 3 and 5 2 2 ORACLE Once specified you can change the allowable number of cumulative or consecutive login attempts provided you do so only at a time when no users are logged in to the system 2 2 2 Specifying Parameter Archival Period in Days You can specify the period in calendar days for which the audit trail details of system security related activities such as usage of the system by a user activities by the system administrator etc should be maintained The system defaults to a value of 30 which you can change You can specify an archival period that is greater than or equal to 7 calendar days Dormancy Days Oracle FLEXCUBE allows you to automatically disable the profile of all the users who have not logged into the system for a pre defined period of time A user ID is considered dormant if the difference between the last login date and the current date is equal to or greater than the number of Dormancy Days that you specify in this screen This is reckoned in calendar days i e inclusive of holidays All dormant users whose home branch is same as the current branch are disabled during the end of day run at the current branch 2 2 3 Specifying Warning Screen Text Warning Screen Text At your bank you may require a warning message containing legal requirements and security policy to be disp
24. 01 002 and 005 but not for 006 Similarly the administrator of branch 002 can create ICCF rules in branches 002 005 and 006 but not in branches 000 and 001 When the administrator of branch 000 attempts to create a new user in the User Profile screen the branches available in the Home Branch field in the screen will be 000 001 002 and 005 Note the following e The administrator of the head office branch is allowed to perform all operations in any of the other branches e When a new branch is created it must be manually added to the allowed disallowed list as required e For those applications Restriction Types that you have specified in the SMS Branch Restriction Types maintenance you must create the appropriate common branch restrictions in the Common Branch Restrictions screen If no restrictions have been created in the Common Branch Restrictions screen for a specific branch for an application chosen in the SMS Branch Restriction Types maintenance operations pertaining to the application will not be allowed from that branch 2 9 ORACLE e To allow the administrator of a certain branch to perform operations pertaining to a specific application for all branches you can either maintain an allowed list with all branches selected or maintain a disallowed list with none of the branches selected 2 5 Defining Functions Any function that is a part of the system should be defined through the Function Description Mainte
25. NGING THE SYSTEM TIME DEY EE 3 1 3 3 NEW CURRENT OU EE 3 2 3 4 DEFINING LANGUAGE CODES ccccccccsssccccsecscccueccceucesecceeseucuecseeeuessscecssucuecsseuuessseueessueuecsseuneseseeeseueness 3 3 3 5 CHANGING THE BRANCH OF OPERATION ccccccccsecccesecscescceccesccccuuecscuueecscueceseueceseueecssesceseueessseueesesees 3 4 3 6 CHANGING THE USER PASSWORD cccccccececcccsecccceeececcusececeseccececsceuuecscuceseueeceseuuecsceueessseuecesseeseseueesenees 3 4 3 7 MAINTAINING SSO PARAMETERS cccccceccccceescccceseccceesececueccccusecsceeescscuuecseeuecsseueessceuecsssuecessueessseeeseueesss 3 5 3 8 MAINTAINING TRANSACTION STATUS CONTROL cccccceccccsecccsecccescccencceesecseeececeecesesseeuecsseesssensssenessenesenes 3 7 3 9 MAINTAINING ERROR MESSAGES cccccsesccesccscccucccuccccucccucscsceeeceussecueseeceeusseusseuuceessseueseueseuseseeeseeceusess 3 8 3 9 1 Configuring Customized Hot Keys for Launching Acreens cece eects 3 9 3 10 VIEWING USER ACTIVITIES visi cscsncesacteessbosenctasosteensh saesesatoseedestatenns abcue scons seeiadanote EE 3 9 Sul VIEWING BRANCH RN EN RE 3 10 4 ERROR CODES AND MESSAGES geet EE 4 1 4 1 EROR CO EE 4 WR ETA KEE 5 1 5 1 SV SEN EOCENE E 5 1 5 1 1 COMICHIS of TC TIVCNIS EE 5 1 S SECURITY MANAGEMENT SYSTEM VIOLATIONS LOG RrpOoRT 5 2 5 2 1 Contents of the Security Management System Violations LOG Report 5 2 5 3 MO OMERE TOR EE 5 3 5 3 1 Contents of the User Profile ROOM ege 5 4
26. NT Date Time Modification Number Ope ip ale 1E or Caton Ie gi Open Authorized By Date Time I Authorized In this screen you create common branch restrictions by specifying the information described below 2 8 ORACLE User Branch You must first select the home branch of the administrator for which you are maintaining common branch restrictions in the User Branch field Restriction Type You must also indicate the specific application for which you wish to maintain common branch restrictions for the administrator of the selected branch You can only specify a restriction type that has been maintained in the SMS Branch Restriction Type maintenance Branch Restriction You maintain common branch restrictions by creating a list of branches for each administrator in which the administrator will either be allowed disallowed access to perform operations related to the selected application Restriction Type You can maintain either an allowed or a disallowed restriction list The common branch restrictions you maintain are applicable for operations in the selected application Restriction Type in the home branch User Branch of the administrator and the list of allowed disallowed branches Example You have created the following common branch restrictions Allowed Branches 001 001 006 002 002 005 006 005 002 005 006 The administrator of branch 000 can perform user administration for the branches 000 0
27. Number of Alpha Characters in Password You can define the minimum and maximum number of alpha characters allowed in a user password The system validates these specifications only when a user chooses to change the password If you do not specify the limits the following default values will be used e Minimum No of Alpha Characters 0 e Maximum No of Alpha Characters Maximum Password Length Minimum Maximum Number of Numeric Characters in Password Likewise you can also define the minimum and maximum number of numeric characters allowed in a password The system will validate the password only when a user chooses to change his password If you do not specify the limits the following default values will be used e Minimum No of Numeric Characters 0 e Maximum No of Numeric Characters Maximum Password Length You can specify any number between 0 and 11 in each of these fields However you must ensure that the sum total of the minimum number of alpha characters and the maximum number of numeric characters is less than or equal to the Maximum Password Length Similarly the sum total of the maximum number of alpha characters and the minimum number of numeric characters should be less than or equal to the Maximum Password Length 2 5 ORACLE 2 2 6 Password Restrictions You can define a list of passwords that cannot be used by any user of the system in the bank This list called the Restrictive Passwords list can be d
28. Open Authorized By Date Time E Authorized Example For English the code you could enter in Oracle FLEXCUBE could be ENG 3 5 Changing the Branch of Operation Through this function you can change the branch of operation to a branch other than the one you are signed on to The branches to which you can change into will be defined in your user profile You can change your branch of operation only when a function that has been initiated by you in the current branch has been completed Change Branch Web Page Dialog Branch Code CHO az Home Branch Change Branch 3 6 Changing the User Password The Password of a User can be changed either when it expires or at the will of the user using the Change Password screen 3 4 ORACLE F p E Change Password Web Page Di fx Enter old paseyyord Enter new password Confirm new password SEW Cancel The following details are captured here Enter Old password Specify the old password which has to be changed Enter new password Specify the new password Confirm new password Specify the new password Click Save to save the new password Click Cancel to exit the screen 3 7 Maintaining SSO Parameters LDAP is an external directory system which stores the details regarding user ids and password Once SSO has been enabled for your bank the SSO parameters need to be maintained This can be done using the Single Sign On Maintenance
29. Security Management System Version 1 0 INT1409 ORACLE FCUBS V UM 11 0 CN 1 0 0 0 April 2010 Oracle Part Number E51708 01 ORACLE FINANCIAL SERVICES ORACLE Document Control Author Documentation Team Group UBPG NN Created on October 01 2008 Revision No Final Oe Updated by Documentation Team Reviewed by Approved by Software Quality Development Testing teams Assurance Team Updated on April 20 2010 Reviewed on April 20 2010 Approved on April 20 2010 ORACLE security Management System Table of Contents L ABOULTHIS 1 BW EE H EE 1 1 1 1 NRO eg 1 1 1 1 1 EE l 1 SR GE Ee EEN l 1 l2 E ER O Te 1 2 SS Related EE Be GENEE EE dE l 3 De SECURITY MANAGEMEN Gh VE 2 1 EA org Cer iere 2 1 De SETTING UP PARAMETERS AT THE BANK LENEL 2 2 224 EE 2 2 Ze EE 2 3 2 2 3 EE Marno CVC CIE Ee 2 3 2 2 4 Specifying Parameters for User Poaseworde 2 3 2 2 3 Placing Restrictions on User POSS WOKS xscssexeesccscetisatesaese ease aae NA ERE TAREE 2 5 2 2 6 EE EE 2 6 2 3 BRANCH RESTRICTIONS FOR SPECIFIC APPLICATIONS seseseseeseeeesseterseteesrtesrtreestersrtreseteeseteesererseereseeens 2 7 2 4 CREATING COMMON BRANCH RESTRICTIONS sssssseeesseseeseseeseeterertessrtreseteeseterssteessterssteesererssteesererserereeeerst 2 8 2 5 DEFENIEN E re KE 2 10 2 6 DEFINING A USER EE Eugene eebeehkestugeg ebben EEEa ee a 2 13 2 6 1 The Procedure for Defining Role Profiles eoeeeeeeeeeeeeeeeeesesssssesesssssssssserrrr
30. access not enabled for Account the user Maintenance George 001 LD Contract Automatic authorization not enabled Online for branch 001 No George Customer Ye Input and Authorize rights enabled for Account the user as well as automatic Maintenance authorization rights enabled for the user branch and function The user can also authorize any maintenance done by the user Ronald in this function Smith LD Contract No Authorization access not enabled for Online the user For more details about automatic authorization consult the Common Procedures user manual User Identification Specify the User Id with which a User logs into Oracle FLEXCUBE This User Id is unique across all branches User Reference Specify an external reference number for the User Id User Password Specify the Users Password here This is a Hidden Field The Password set must not be a restricted word It should also be governed by the parameters set in the SMS Bank Parameters table like Maximum and Minimum length Number of Alphabetic and Numeric characters etc Password Changed On The date when the password was last changed gets displayed here Start Date Specify the date from which the User is valid The Branch date gets defaulted if no other value is specified End Date Specify the End Date upto which the User is valid By default the user does not have an End Date associated unless otherwise specified Force Password Change Check this box to i
31. ate User and Role profiles for the branches of your bank Will the Branch also grant access to the various functions to the Users A Oracle FLEXCUBE Any user of Oracle FLEXCUBE whose activities are traced by the user SMS module 1 1 2 Abbreviations EOTI End of Transaction Input EOFI End of Financial Input The System This term is always used to refer to Oracle FLEXCUBE 1 1 ORACLE Standing Instructions 1 2 Glossary of Icons This User Manual may refer to all or some of the following icons en Function a n E RET F k KS JS Ka 1 2 ORACLE Refer the Procedures User Manual for further details about the icons 1 2 1 Related Documents The Procedures User Manual 2 Security Management 2 1 introduction Controlled access to the system is a basic parameter that determines the robustness of the security in banking software In Oracle FLEXCUBE we have employed a multi pronged approach to ensure that this parameter is in place Only Authorized Users Access the System First only authorized users can access the system with the help of a unique User ID and a password Secondly a user should have access rights to execute a function User Profiles The user profile of a user contains the User ID the password and the functions to which the user has access Restricted Number of Unsuccessful Attempts You can define the maximum number of unsuccessful attempts after which a User ID should
32. ch the administrator of a certain branch is allowed restricted to perform specific operations These other restrictions are referred to as Common Branch Restrictions According to the restrictions you maintain the administrator of a specific branch is allowed to perform specific operations in the administrator s home branch as well as any branch found in the list of allowed branches According to your requirements the implementers at your installation configure a list of the specific functions or applications for which you might wish to maintain such branch restrictions You can maintain branch restrictions for each of these applications as required In the Branch Restrictions screen you can specify the applications for which you intend to maintain branch restrictions To invoke the Branch Restrictions screen click Branch Restrictions button in the SMS Bank Parameters Maintenance screen e Branch Restrictions Web Page Dialog Branch Restrictions E Restriction Type Description For maintaining the Branch Restrictions for an application click add icon to add a record to the list Then click on each field s option list to select the application for which you intend to maintain branch restrictions You cannot create common branch restrictions for an application that you have not specified in this screen 2 7 ORACLE Example You wish to restrict branch administrators from performing operat
33. cord was authorized is displayed in the Date Time field positioned next to the Authorized By field The number of modifications that have happened to the record is stored in the field Modification Number The Status of the record whether it is Open or Closed is also recorded in the Open checkbox 2 2 Setting up Parameters at the Bank Level Certain parameters related to security management should be defined at the bank level These parameters will apply to all the users of the system Examples of such parameters are the number of invalid login attempts after which a user id should be disabled the maximum and minimum length for a password the number of previous passwords that should not be used the interval at which the password should be changed by every user etc You can invoke the SMS Bank Parameters Maintenance screen by typing SMDBKPRM in the field at the top right corner of the Application tool bar and clicking on the adjoining arrow button SMS Bank Parameters Maintenance Web Page Dialog Bank Level Parameters Password Length characters Head Office Maximum Site Code Mipdirmum Activation Key Invalid Logins Cumulative SUCCESSIVE Parameters Passyward Repititions Intimate User before Password Force Password change atter expiry Archival Period in Days D Force Password change for a new userReset Maximum Consecutive Repetitive Characters Minimum Days between Password Change
34. defining click Functions button in the User Profile Definition screen The Functions screen will be displayed as shown below e Functions Web Page Dialog User Stage Functions E Branch Code Function Mew Copy Delete Close Unlock Reopen Print Auth Reverse Rollover coll The various functions in the system fall under different categories To assign a function to a user profile in the User Functions screen you must select the tab of the function category to which the function belongs The function categories and their respective tab in the User Functions screen are as follows Category Description Tab Functions relating to the maintenance of static tables Onine Functions relating to contract processing Batch Functions relating to the automated operations like automatic liquidation of contract interest etc Functions relating to the generation of reports in the various modules Functions relating to access rights for the tasks under a process Click on the corresponding category tab to associate the required functions as described below To add a function click add icon At Function Identification you should select the function for which you want to give rights The adjoining option list displays a list of Function IDs belonging to the category along with their descriptions From this list you can pick up the function for which you want to give access rights by double clicking on it when it is
35. djoining arrow button User Holiday Summary Web Page Dialog Authorization Status Branch Code Leave From Record Statue User ID MAHADEV Leave To Advanced Search Refresh Lock 1 of Record Status Branch Code User ID Maker ID CHO MAHADEN Gi 008 MAHADEN OH 008 Records per page 15 Authorization Status Authorized Authorized Leave To DIOU g4 20000 Leave From Open Open You can query for records based on the following criteria e Authorization Status e Record Status e Branch Code e User ID e Leave From e Leave To MAHADEY On 2008 MAHADEY On 2008 Reset 1 Checker ID vi vi Checker D g 2008 g 2008 Maker Dt Stamp Click Search button Based on your preferences the system identifies all records satisfying the criteria and displays the following details for every record e Authorization Status e Record Status e Branch Code e User ID e Leave From e Leave To e Maker ID e Maker Date Stamp e Checker ID e Checker Date Stamp 2 23 ORACLE 2 10 Defining a User Profile A User Profile defines the activities that a user can carry out on the system It also contains the user ID the name through which the user will access the system and the password You can create User Profiles through the User Maintenance screen You can invoke this screen by typing SMDUSRDF in the field at the top right corner of the Application tool bar and clicking on the
36. e Function ID Seber Ed Tite SSS TES SS aes Sra JES 14 57 33 SSS 3 sas lee CC 12 57 33 HOER 194205 HOGA 19 42 03 LOS d r Dn TOA GR 14 SU 1152008 1539 50 1042008 15 38 50 1G 1544 24 Click Search button Based on your preferences the system identifies all records satisfying the criteria and displays the following details for every record e User ID e P Address e Branch Code e Function ID e Sequence No e System Start Time e System End Time e Exit Flag 3 11 Viewing Branch Status You can view the host connectivity status of various branches through the Branch Status screen You can invoke this screen by typing SMSBRNST in the field at the top right corner of the Application tool bar and clicking on the adjoining arrow button The screen is displayed as below ORACLE A Branch Status Web Page Dialog Branch Code Branch Marne Branch Status Advanced Search i i Records per page 15 Lock 1 of 19 H Go to Page Branch Code Branch Mame Branch Status BANK FUTURA amp BRANCH Online RA BRANCH FOR LE Online RA BRANCH FOR LE Online American Bank Main Branch Offline BANK OF INDIS TRADE BRANCH Online TRADE FINANCE BRANCH FOR LE Online CITI Bank Trade Branch Online Pl Branch Online AAA BRANCH Online AAD BRANCH erie SET Bank Offline HOF Bank Bangalore Offline BANK FUTURA BRANCH OFFICE Online BANK FUTURA BRANCH OFFICE Online BANK FUTURA HEAD OFFICE Online You can quer
37. efined at three levels e At the bank level applicable to all the users of the system e At the user role level applicable for all the users assigned the same role e At the user level applicable for the user The list of Restrictive Passwords should typically contain those passwords the users are most likely to use the name of your bank city country etc For a user role it could contain names or terms that are commonly used in the department At the user level it could contain the names of loved ones etc By disallowing users from using such common passwords you can reduce the risk of somebody other than the user knowing the password Click Password Restrictions button to define restricted passwords at the bank level that should not be used by any user of the bank e Password Restrictions Web Page Dialog Restrictive Password password To add a password to the Password list click add icon To select a record in the list use the check box beside it After you listed the restrictive passwords in the Password list click Ok button to save the password restrictions 2 6 ORACLE 2 3 Branch Restrictions for Specific Applications You can restrict administrators of branches from performing operations related to specific functions in branches other than their home branch These are referred to as Branch Restrictions for Specific Applications You can also maintain a list of branches in whi
38. ersions the system will use the mid rate of the STANDARD exchange rate type maintained in your system Input Limit Specify the maximum amount that a user to which the limits role is associated is allowed to process while entering a transaction Authorization Limit Specify the maximum amount that a user to which the limits role is associated is allowed to process while authorizing a transaction 2 7 1 1 Working of the Limits Input Limit If the transaction amount exceeds the input limit maintained for the Role the system displays an override message Selection of the OK button in the message window will allow the user to continue despite exceeding the limits If the user selects the Cancel button he will not be able to continue with transaction processing Authorization Limit If the transaction amount that the user is attempting to authorize exceeds the authorization limit maintained for the Role the system displays an override message Selection of the OK button in the message window will allow the user to continue with the authorization despite exceeding the limits If the user selects the Cancel button he will not be able to continue with authorizing the transaction WY The role limits input and authorization would apply to a user with which the limits role has been associated for operations in any of the modules listed above that is payment transactions single entry journal transactions multi off
39. etails of the transaction Old Value The value in the field before it was modified The value in the field after it was modified Date amp Time The date and time of the transaction em rss enen re bei reen 5 6 ORACLE 5 5 Inactive Users Aging Analysis Report This report gives details of users who have not used the system over a certain period You should enter the period when you invoke the report The details are sorted in ascending order of the date from which the user has not used the system In the Application Browser this report is available under Security Maintenance in the reports generator Click OK button if you want to generate this report To come out of this screen without generating the report click Exit button 5 5 1 Contents of the Inactive Users Aging Analysis Report UserID The ID of the user who has not been using the system The date from which the user has not accessed the system Status The status of the user enabled disabled hold inactive Inactivity Period The number of days for which the user has not used the system 5 6 Inactive Users Log Report This report gives details of users who have not used the system over a certain period You should enter the period when you invoke the report The details are sorted in ascending order of the date from which the user has not used the system In the Application Browser this report is available under the SM module To invoke this screen ty
40. h can view a list of all the users logged in from the current branch or from any other the branches through the Current Users screen 3 2 ORACLE Current Users Web Page Dialog Users Current Branch All Branches CURRENT USERS Terminal User Identification 10 184 92 191 GANESH 10 184 92 251 TESTS The following details are captured here Branch You are allowed to view users logged in from the current branch as well as any other branch Select the any of the following options and click Users button to view the current users of that branch e Current Branch e All Branches The following user details are displayed here e Branch The branch from which the user has logged in e Terminal The terminal system from which the user has logged in e User Identification The name of the user e Start Time The time when the user logged in 3 4 Defining Language Codes Every language that is supported by the system is identified by a Language Code In Oracle FLEXCUBE this code is a three character alphanumeric code Invoke the Language Code Maintenance Detailed screen by typing SMDLNGCD in the field at the top right corner of the Application tool bar and clicking on the adjoining arrow button 3 3 ORACLE E Language Code Maintenance Detailed Web Page Dialog Language Code Language Mame Input By DOCUMENT Date Time Modification Number oe ID ale 1E or Calon We gi
41. his report are discussed under the following heads Header The Header carries the title of the report information on the branch code the ID of the user who generated the report the date and time at which it was generated the branch date the modules covered in the report Body of the report The following details are displayed in the report 5 1 ORACLE eer The user who initiated the event Function Description The name of the function that activated the event Start Time The time at which the event was initiated End Time The time at which the event was successfully completed or was aborted If the event has not been completed or Not Yet is displayed here Total time spent on individual functions by individual users is also provided 5 2 Security Management System Violations Log Report Any attempt at violating the security of the system will be reported in the Security Violations report You can generate this report for a particular period In the Application Browser this report is available under the SM module To invoke this screen type SMRPVLLG in the field at top right corner of the Application tool bar and click the adjoining arrow button Security Management iolation Log Report Options Web Page Dialog Date Range From Date O Purge To Date Time Range Ce Date and Time f User Identification 5 2 1 Contents of the Security Management System Violations Log Report The contents of this
42. horized e For the PC module you can apply restrictions on product categories 2 10 12 Process You can give a user rights to the workflow stages of certain functions using the Process screen Click Process button in the User Maintenance screen and invoke the Process screen 2 Process Web Page Dialog User Stage Fnetions CI Function Branch Code New Hold Terminate Accept Reject Cl sTosaoo az cHo a Oo oO CT Click add icon to add a record under the User Stage Functions list Into each added field select the required function branch code by clicking the adjoining option list For a selected function you can give rights to perform different stages of workflow to User 2 10 13 Disallowed Functions You can restrict certain functions from being performed by a user You can specify such restrictions in the Disallowed Functions screen Click Disallowed Functions button to invoke this screen 2 43 ORACLE iz Disallowed Functions Web Page Dialog Function Disallow C Function C icDcHONnL aE C FTDDSHBD Click add icon to add a record under the Function list Into each added field select the required function by clicking the adjoining option list 2 10 14 Users Holiday You can view holiday periods maintained for the user profile in the Users Holiday screen Click Users Holiday button to invoke this screen User Holiday Summary
43. in the Application toolbar to delete an existing role profile If the role is linked to any user a warning message will be displayed This message will bring your attention to the fact that the user profile to which the role is linked will not be the same if the role profile is closed You will be prompted to confirm the closure The Role Profile will be closed only if you confirm the Closure 2 18 ORACLE 2 6 9 Defining Roles for Oracle FLEXCUBE Branch Users You can define a role with functions typically performed by users accessing the Oracle FLEXCUBE Branch system To indicate a role as an Oracle FLEXCUBE Branch role select the Branch Role option in the Role Maintenance screen 2 7 Defining a Limits Role Oracle FLEXCUBE allows you to place restrictions on the amount specified by a user when processing a transaction You can also restrict users with authorization rights from authorizing transactions with amounts beyond a specific limit To achieve this you can define Input Limits and Transaction Authorization Limits for a user at the time of maintaining a User Profile in Oracle FLEXCUBE The input limits and authorization limits will be made applicable to the following types of transactions e Payment transactions FTs e Single Entry Journal transactions e Multi Offset transactions e Teller transactions Oracle FLEXCUBE allows you to maintain different Role Limits which can then be linked to a user profile The li
44. ions in the Role Profile 2 6 1 The Procedure for Defining Role Profiles Role profiles are defined in the Role Maintenance screen You can invoke this screen by typing SMDROLDF in the field at the top right corner of the Application tool bar and clicking on the adjoining arrow button Role Maintenance Web Page Dialog Role Identification Role Description E Maintenance Reports Batch Online Process Stage Rights Account Class Restriction Branch Restriction Rights Password Restriction web Branch Branch Limit Fields Maker Date Time E Authorized Checker Date Time T Open 2 6 2 Defining Functions for a Role Profile After you have defined the basic attributes of a role profile the Role Identification Description Branch Role you should define the functions to which the role profile has access The various functions in the system fall under different categories To assign a function to a role in the Role Maintenance screen you must click the function category button to which the function belongs The function category buttons in the Role Maintenance screen are as follows e Maintenance Functions related to the maintenance of static tables e Reports Functions related to the generation of reports in the various modules e Batch Functions related to the automated operations like automatic liquidation of contract interest etc e On Line Functions related to co
45. ions in the following applications in branches other than their home branch e User administration creation modification and viewing of user profiles e End of Day EOD operations e Maintaining rules for ICCF components e Maintaining branch restrictions for IC rates In the Restriction Type field in the SMS Branch Restriction Type screen select USRADMIN to maintain branch restrictions for User Administration EQDOPERATN to maintain branch restrictions for EOD operations ICCFRULE to maintain branch restrictions for maintaining ICCF rules and ICRATES to maintain branch restrictions for IC rates 2 4 Creating Common Branch Restrictions To recall in the Branch Restrictions maintenance you have identified those applications and operations for which you intend to maintain branch restrictions Having done this you must proceed to create the appropriate common branch restrictions for each branch administrator You can maintain these restrictions in the common Branch Restrictions screen You can invoke this screen by typing SMDBRRESQ in the field at the top right corner of the Application tool bar and clicking on the adjoining arrow button This can be done only at the head office branch J Branch Restrictions Web Page Dialog User Branch Description Restriction Type Description Branch Restriction Allowed Ce Disalloyved Dizallayring Branches Branch Code Description Fields Input By DOCUME
46. layed to all users before allowing them to login to Oracle FLEXCUBE You can specify the text content of such a message in the Warning Screen Text field This message will be displayed soon after a user launches the Oracle FLEXCUBE login screen The user will be allowed to continue with the login process only after he clicks on the OK button on the message window You can modify the contents of the message only during the transaction input stage The changes will come into effect during the next login by a user The maximum size of the warning message is 1000 characters You will be allowed to specify the contents of the warning message only if the Display Legal Notice option is enabled 2 2 4 Specifying Parameters for User Passwords You can specify the following parameters that would govern user passwords Password Length characters You can indicate the range of length in terms of number of characters of a user password The number of characters in a user password is not allowed to exceed the maximum length or fall below the minimum length that you specify here The minimum length defaults to 6 and the maximum length to 11 You can change the defaults and specify the required range If you do so you can specify a minimum length between 6 and 15 characters and a maximum length between 10 and 15 characters The minimum length that you specify must not exceed the maximum length that you have specified Force Passwo
47. mits defined for the attached role will be applicable to the user profile to which it is linked The Role Limits are maintained in the Role Limits Maintenance screen You can invoke this screen by typing SMDRLMNT in the field at the top right corner of the Application tool bar and clicking on the adjoining arrow button Role Limits Maintenance Web Page Dialog Role Identification BC USER _ROLE4 Description BC USER ROLES CNY Limits Currency CNY input Limit Authorization Limit PRODUCT ROLE LIMIT RW Component Order Moie Product Code eg L ng Authorization L mg Li 1a ALL 2000 IS Input By TEMP Date Time 12 2008 13 24 16 Modification Humber 3 wl Open Authorized By TEMP Date Time 12 5 2006 13 24 16 eil Authorized 2 19 ORACLE Role Identification The Id that you specify here will uniquely identify the Role Limit throughout the system A Role Limit is distinct from the User Role in that the Role Limit is designated for the specific purpose of enabling you to set transaction amount processing limits that you wish to impose on a user Description You can specify a brief description for the Role Limit being defined Limits Currency Here you will indicate the currency in which the limits transactions amounts will be expressed If a user captures a transaction in a different currency Oracle FLEXCUBE will convert the transaction amount to the Limits Currency and then perform the validations For currency conv
48. n the field at the top right corner of the Application tool bar and click on the adjoining arrow button g ORACLE e Current Users Web Page Dialog Users CURRENT USERS O Branch T CHO CHO TT CHO CHO T CH I CHO T CH Terminal 10 80 150 87 10 80 15 178 10 80 2412 10 80 150 220 10 80 15 227 10 80 2441 224 10 80 151 124 Ce Current Branch f All Branches User Identification DIV ELIZA IR S3 Ri ROHAU SUBA VEERA start Time 2000 07 03 04 21 44 2000 07 03 05 14 15 2000 07 03 05 51 00 2000 07 03 05 15 12 2000 07 03 05 10 15 2000 07 03 04 57 02 2000 07 03 04 55 40 5 3 1 Contents of the User Profile Report Branch Code and Name The code allotted to the branch and the full name of the branch Date and Time At which the report was generated Printed by The user who has generated the report spool file is given here EC Ip Prepare veeroo aean arboro erros Se a EE FunctionID The function allowed for the user ORACLE Function Description The description of the function Link Link with Role Definition Role Link with Role Definition Ifthe user has been linked to a role the role ID is given here user has been linked to a role the role ID is Ifthe user has been linked to a role the role ID is given here here Maximum Transaction The maximum amount that the user can enter in a single Amount transaction Maximum Authorization The maximum amount that a transaction can have if it
49. nance screen before it is available for execution Mostly our professionals carry out this activity You can modify the description of the function that appears in the Application Browser through this screen You can invoke this screen by typing SMDFNDSC in the field at the top right corner of the Application tool bar and clicking on the adjoining arrow button 2 Function Description Maintenance Webpage Dialog Function Identification STDCIF Name Module List CO ER Type Form Custom Function D Menu Head MODULE Type String Maintenance vi C Available E Tanking Required C Automatic End Of Day aware A Log Event E Customer Access F Auto Authorization _ Head Office Function F Duplicate task check Main Control String for functions and reports Duplicate Check Fields Function Description iO Language Code Main Menu Sub Menu 1 Sub Menu2 Balloon Help Description Field Properties Maker Date Time Mod No WB Authorized Cancel Cancel Checker Date Time WB Open The following details are captured here Function Identification Select the Function id for which you want to give access rights from the option list Module Select the module to which the Function id has to be mapped All Functions are mapped to specific modules Name Specify the executable to open the Function Id Type Select the type of Function Id here from the drop down list The options available are e F
50. nance or online screens will be automatically authorized when the Save operation is performed Example You have enabled automatic authorization for the following branches in the Branch Parameters Branch Automatic Authorization Enabled w fve 002 Yes In the Function Description maintenance automatic authorization has been enabled for the following functions Automatic Authorization Enabled Customer Information Maintenance Yes 2 27 ORACLE Function Automatic Authorization Enabled Customer Account Maintenance You have maintained automatic authorization rights for specific users in the User Profile maintenance as shown below EE You have also maintained transaction access rights for the users as shown below ser ene ren putas Anz ees zent mmer rm DEE EECH el mmepeamemees Im im nm Im pen Im rm smn Im Lemma Im ves According to your maintenance automatic authorization would be performed as shown below Automatic Reason Authorization on Save Customer Input and Authorize rights enabled for Information the user as well as automatic Maintenance authorization rights enabled for the user branch and function Ronald 001 Customer Automatic authorization not enabled Information for branch 001 Maintenance Automatic Reason Authorization on Save Ronald FT Contract No Automatic authorization not enabled Online for the FT Contract Online function S Ronald Customer No Authorization
51. nction id against each hot key You can select the function id to be mapped against the hot key from the adjoining option list 3 10 Viewing User Activities You can view a log of activities of Oracle FLEXCUBE users through the User Activity screen Note that you can view user activities only through Oracle FLEXCUBE host system This screen is not available for viewing in the branch installations You can invoke this screen by typing SMSUSRAC in the field at the top right corner of the Application tool bar and clicking on the adjoining arrow button The screen is displayed as below 3 9 ORACLE S User Activity Web Pape Dialog 3 wl LOCK Reccede p r page F Agie Branch Cade Furctian i MAHADEV 1048453475 CHO LOGH HAHADEY 10 164 53 175 MAHADEV As Sa TFS CHO TOL SMSLISRAC HMAHADE Y 10 1584 CHO n MAHEDEW 1019453175 Soot AHADE Y 10 184 53 175 PAHEDE WY Le ST MAHADEV 10 184 53 17 CHC LOGIN MAHADEV 1018453175 cHO GADEXSYS PLT TOV 31 AGEs LU MAHADEV 410 184 5347 MAHADE Y 10 184 53 175 MAHADEW 10 104 53 175 MAHADEV 1018453175 CHO SMOLISHOL MAHADEY 1018453475 CHO LOGH Advanced Search 1 oof 4 PIP System Start Tere Satie 15120 ues 10 53 51 SSO 100 tS Ses 1154 BSA 1155003 QSOS 13 Os 24 SAL IDN 23 RPTE b i e 21 A3 Sv ge JAA 1 Se oe du ia aa TOA Ss 14 55 16 DATU 1x20 DOE 1 2944 Dee En r You can query for records based on the following criteria e User ID e Branch Code
52. ndicate if the Force Password Change needs to be enabled or not This value will override if it is not checked at the SMS Bank Parameters level Invalid Logins Cumulative The number of Cumulative Invalid Login attempts allowed for a User before the User status gets Disabled is specified in the SMS Bank Parameters screen The actual attempts that a user makes when he logs into Oracle FLEXCUBE get displayed here Invalid Logins Successive The number of Successive Invalid Login attempts allowed for a User before the User status gets Disabled is specified in the SMS Bank Parameters screen The actual attempts that a user makes while he logs into Oracle FLEXCUBE get displayed here 2 10 2 Restricted Passwords You can maintain a list of passwords that the user is most likely to use For example a user may tend to use the names of persons bank department etc as a password as these are easy to remember This might be a security risk as it will be easy for another person to guess a password To prevent this you can maintain a list of passwords that the user should not use This list of restrictive passwords will be checked before a password is accepted when the user is changing passwords If the password entered by the user exists in the list it will not be accepted To specify a list of passwords that the user is not allowed to use click Restricted Passwords button in the User Profile definition screen A Restric
53. nge his password he should invoke the Change Password screen He cannot choose his old password STEELE again He now enters his new password as SMITHS Smith wants to change his password for the second time As the last two passwords cannot be used Password Repetitions 2 in the Bank Level Parameters table he cannot enter either STEELE or SMITHS as his new password He should enter a different password The number you specify here should be greater than or equal to 1 and less than or equal to 5 Minimum Days between Password Changes You can specify the minimum number of calendar days that must elapse between two password changes After a user has changed the user password it cannot be changed again until the minimum number of days you specify here have elapsed Intimate Users before password expiry The number of days for which a password is to be valid is defined in the Force Password Change after field You can also indicate the number of working days before password expiry that a warning is to be issued to the user When the user logs into the system the stipulated number of days before the expiry date of the password a warning message will continue to be displayed till the password expires or till the user changes it By default the value for this parameter is two i e two days before password expiry You can change the default if required If you do you can specify a number greater than zero and less than or equal t
54. ntract processing 2 13 ORACLE e Process Functions related to workflow e Acc Class Restriction Functions related to restricting the role from using certain account classes e Branch Restriction Functions related to restricting the association of roles to certain branches e Rights Functions related to giving necessary rights for perform various operations in respect of incoming and outgoing messages e Password Restriction Functions related to creating a list of words that the users having a certain Role are likely to use as Passwords and on which restrictions can be placed e Web Branch Functions related to the Teller Module where the Role is marked as a Branch Role e Branch Limit Function related to setting up Branch limits e Fields Functions related to User Defined Fields The lower portion of the Role Description screen has buttons corresponding to each of the above function categories Click on a button to view the corresponding screen 2 6 3 Branch Restriction You can specify the branches to which the role profile is associated and for which it is available Click Branch Restriction button in the Role Maintenance screen The Branch Restriction screen is opened E Branch Restriction Web Page Dialog Branch Restriction f Allowed f Disallowed Branch Restrictions C Branch Branch Name You can maintain a list of branches for which the role is either
55. o define the various action buttons depending on the status of the contract For each Transaction Status the record status Authorized or Unauthorized could also affect the Action buttons Some of the statuses that a Contract could have are e Y Irrevocable e A Authorized e U Unauthorized e V Reversed e L Liquidated e S Closed e H Hold e K Cancelled e N NON CUMULATIVE e T TIME e O OUR S Transaction Status Control Maintenance Web Page Dialog Transaction status Maintenace Transaction Authorization NW COPY DELETE CLOSE UNLOCK REOPEN PRINT AUTH reve A U x A U A U A A U A U A A A U A U A A U Check the box against a transaction record to select the actions allowed for that transaction Following are the actions that are allowed on a record e New e Copy e Delete 3 7 ORACLE e Close e Unlock e Reopen e Print e Auth e Reverse 3 9 Maintaining Error Messages Error codes provide step by step support for maintenances and contract Input for a User The Error codes are uploaded into the system at Software installation However the Description and Type of the error can be modified from the Oracle FLEXCUBE Menu Each Error Code can be of the following types e Override O e Ignore Warning l e Error E You can maintain error messages using the Error Messages Maintenance screen 2 Error Messages Maintenance Web Page Dialog Error
56. o five 2 4 ORACLE Example The value specified in the Intimate User Before Password Expiry field is 2 and a user s password is due to expire on 31 01 09 The warning message is displayed on 29 01 09 and 30 01 09 whenever the user logs in Force Password change for a new user Reset You can indicate whether a new user should be forced to change the user password during the first login after the profile is created If you indicate so when a new user logs in for the first time after the profile has been created a password change will be forced by the system 2 2 5 Placing Restrictions on User Passwords You are allowed to place restrictions on the number of alpha and numeric characters that can be specified for a user password Maximum Consecutive Repetitive Characters You can define the maximum number of allowable repetitive characters occurring consecutively in a user password This specification is validated whenever a user changes the user password and is applicable for a password change of any nature either through the Change Password function initiated by the user or a forced change initiated by the system Example The value specified in the Maximum Consecutive Repetitive Characters field is 3 and a user decides to change his password to STUDDDD123 The System will not allow this password change as the Maximum Repetitive Characters value has exceeded in the recurrence of D in the password Minimum Maximum
57. of the profile except the User ID and the password will be copied and displayed for the new user Enter a unique User ID and give a password You can change any of the details of the profile before saving it 2 10 16 Deleting a User Profile Enter the User ID The details defined will be displayed Select Delete from the Actions menu in the Application toolbar to delete an existing user profile Only users that have not been authorized can be deleted by the creator You will be prompted to confirm the deletion The user profile will be deleted only if you confirm the deletion 2 10 17 Closing a User Profile Users Ids that are no longer usable can be closed For Closing Enter the User ID The details defined will be displayed Select Close from the Actions menu in the Application toolbar to close an existing user profile The profile can be closed only if the User is currently not logged on to the system You will be prompted to confirm the Closure The user profile will be closure only if you confirm the Closure 2 11 Defining Alerts for Users Oracle FLEXCUBE allows you to define and send text messages to a destination user These text messages will be displayed as an alert on the dashboard when the destination user logs in to the application The user can then pick up the unprocessed messages and process it You can define the message for a destination user in the User Alerts screen You can invoke this screen by typing
58. ons for which you want to grant the permission Granting rights pertaining to operations on messages You can grant permissions for the following operations on outgoing messages Generating a message Printing a message Placing a message on hold Releasing a message on hold Canceling a message Inserting a testword Reinstating a message Changing the priority of a message Request information relating to Status of a message Request cancellation of a message 2 16 ORACLE e Changing the media through which a message is transmitted e Changing the address to which a message is to be sent e Moving a message to another branch e Changing the node from which a message should be generated e Authorization of any of the operations listed above in respect of outgoing messages You can grant permissions for the following operations on incoming messages e Printing a message e Authorizing a testword e Routing a message to a queue e Associating a message with a contract e Uploading incoming messages e Making changes edit incoming messages You can also grant permissions for changing the branch and the address in incoming messages e Authorizing changes made to incoming messages e Force Release payment message transactions with Funding Exception status and insufficient funds e Suppressing a message e Deleting a message Granting each of these permissions in the Rights screen enables the user having this role to
59. ord string contains special characters that are not allowed Retype Password SM 7023 Password cannot contain more than 1 consecutive identical characters SM 7024 You cannot change Password today 4 9 ORACLE SM 7025 The password should be mix of alphabetic and numeric characters SM 7026 Control Clerks Passwords do not match Retype Passwords again change less than 180 SCH ORACLE User G ORACLE Demo version will expire after 1 day s SR ORACLE SM EXTUS Oracle FLEXCUBE has been launched from another application Sign off disallowed Please exit SM QRY 01 The form is in the enter query mode Please click on the exit toolbar button or exit menu item to get to the normal mode SM QRY01 The form is in the enter query mode Please click on the exit toolbar button or exit menu item to get to the normal mode SE ORACLE 5 Reports 5 1 Events Log Report The Events Log report gives details of all events that occurred over a period in time You can specify the period for which you require the report when you invoke the report function In the Application Browser this report is available under the SM module To invoke this screen type SMRPEVLG in the field at top right corner of the Application tool bar and click the adjoining arrow button E Events Log Web Page Dialog Report For f Al Users f Selected Users From Cate To Date O Purge 5 1 1 Contents of the Events Log The contents of t
60. orm 2 10 ORACLE e Report e Stored Procedure Menu Head Select the menu head from the drop down list The options available are e Module e Report You can then specify the rights to the different actions for the functions by checking against the action These actions can be e Static Maintenance Functions gt New Define a new record Copy Copy details of an existing record Delete Delete an existing record Close Close an existing record Unlock to amend an existing record Reopen Reopen an existing record Print Print the details of selected records Authorize Authorize any maintenance activity on a record Vv Vv Y VV V WV e Contracts and on line transaction processing gt Reverse reverse an authorized contract Rollover to manually roll over an existing contract into a new contract Confirm to indicate the counterparty or broker confirmation of a contract Liquidate to manually liquidate a contract Hold to put a contract on hold Template to save a contract as a template View to see the details of the contract Vv Vv Y VV WV e Reports gt Generate to generate reports gt View view the reports gt Print print the reports To delete the access rights given for a Function select the Function ID and click delete icon Custom Function ID Specify a custom function id which can be used as an alias for the function id selected If you input this value in the field at the top right corner of the
61. pe SMRPINST in the field at top right corner of the Application tool bar and click the adjoining arrow button sl Security Maintenance Inactive Users Report Webpage Dialog Format POF Output Output Print C View Ge Spool Printer Printer 5 7 ORACLE 5 6 1 Contents of the Inactive Users Log Report The contents of this report are discussed under the following heads Header The Header carries the title of the report information on the branch code the ID of the user who generated the report the date and time at which it was generated the branch date the modules covered in the report Body of the report The following details are displayed in the report UserID The ID of the user who has not been using the system The home branch of the bank Last Signed On The date from which the user has not accessed the system Inactive For In days The number of days for which the user has not used the system Status The status of the user enabled disabled hold inactive e ORACLE ORACLE Security Management System April 2010 Version 1 0 Oracle Corporation World Headquarters 500 Oracle Parkway Redwood Shores CA 94065 U S A Worldwide Inquiries Phone 1 650 506 7000 Fax 1 650 506 7200 www oracle com financial_ services Copyright 2010 Oracle Financial Services Software Limited All rights reserved No part of this work may be reproduced stored in a retrieval system adopted
62. perform the corresponding functions in the Incoming and Outgoing Message Browsers The appropriate button in the Browser in each case is enabled for the users associated with the role For details regarding each of these operations in respect of both incoming and outgoing messages consult the Messaging System user manual Apart from these functions you can also grant permission for the cover matching function for incoming payment message transactions For details regarding uploading incoming payment transaction messages and cover matching for incoming payment transactions refer the Straight Through Processing chapter in the Funds Transfer user manual Grant Queues You can grant the message queues to which the role has access and in which users associated with the role can perform messaging operations according to the messaging rights you have assigned The required queues can be selected and listed in the Queues list under the Grant Queues section 2 6 6 Password Restriction System allows you to create a list of words that the users having a certain Role are likely to use as Passwords and on which restrictions can be placed The list of Restrictive Passwords should contain those passwords that the users are most likely to use the name of your bank city country etc For a user role it could contain names or terms that are commonly used in the department At the user level it could contain the names of loved ones
63. r is set at the User Profile For a user to be able to login the time level for the user set at his User Profile should be greater than or equal to that of the system Branch The time level can take values between zero and nine Typically Time Levels are used to prevent Users from Logging into FLEXCUBE when the System is Offline either because it is running the End of Cycle operations when it is necessary that no user be logged in Before the EOC Operations we increase the time level of the system so that it is higher than that of any user The users who are logged on will be able to finish the function they are currently running Once they log out you can then run the End of Cycle functions These Users will now be unable to log in as their Time Levels is lesser than that of the Branch Last Signed On This is a display field which shows the Date and Time of the Users last Login On each Sign on into the System this field gets displayed as a Message to the User e Information Web Page Dialog MESSAGE G Last Login 2000 07 03 11 26 50 Auto Authorize To indicate that a user is allowed to perform automatic authorization you must enable the Auto Authorize option in the User Maintenance screen If automatic authorization has been enabled for a function branch and user profile and such a user has rights for both input and authorize operations any record maintained by such a user in the corresponding function mainte
64. rd Change after The password of a user can be made valid for a fixed period after which a password change should be forced In the Force Password Change after field you can specify the number of calendar days for which the password should be valid After the specified number of days has elapsed for the user s password it is no longer valid and a password change is forced The number of calendar days defined here will be applicable for a password change of any nature either through the Change Password function initiated by the user or a forced change initiated by the system The system defaults to a value of 30 which can be changed If you change it the number of days you specify here should be between 15 and 180 days inclusive Password Repetitions You can stipulate the number of previous passwords that cannot be set as the new current password when a password change occurs The system defaults to a value of three i e when a user changes the user password the user s previous three passwords cannot be set as the new password You can change the default and if you do you can specify a number between one and five inclusive The following example illustrates how this works Example While setting up the Bank Level Parameters you have given a value of 2 in the Password Repetitions field Mr Smith is a user of the system with the following details USERID SMITH Password STEELE If Mr Smith wants to cha
65. ries to certain General Ledgers GLs maintained in Oracle FLEXCUBE Further you can restrict the user from posting entries to specific node and leaf GLs Click General Ledgers button to specify the GL restrictions 2 37 ORACLE Z General Ledgers Web Page Dialog General Ledger Restriction Ce Allowed f Disallowed Node GLs S Leaf GLa E Node General Ledgers E Leaf General Ledgers Ej DE You can either allow or disallow the user from using certain GLs Select the node GLs and leaf GLs that you want to restrict 2 10 9 Limits You can place a limit on the transaction amount for a user Consequently the system will not allow the user to process transactions exceeding a specific limit You can also associate a limits role with a user profile Click Limits button to indicate the limits 2 38 ORACLE E Limits Web Page Dialog Limits f User Limits f Limits Role f No Limits Limit Currency Input Limit Authorization Limit Role of Limits E Branch Limits Role Limit Currency Input Limit Authorization Limit 2 10 9 1 Specifying Limits In this screen you can choose to e Define user specific limits e Link a Limits Role to the User Profile e Maintain No Limits The manner in which FLEXCUBE handles each of the above options is explained below 2 10 9 2 Specifying User Specific If you choose to maintain User Limits you will need to specify the following details e Limit Currency e Inp
66. rrrrrrrrrrrrrrren 2 13 2 6 2 Defining Functions for a Role Profile aaaeaanannnnnnnnnnnnnnnnnnnnsnnnnnssssssnrrnsnrrrnrrrrrrrrsrrrsrrrrnsrrsssssene 2 13 2 6 3 Branch TCC SEV IOI ee e 2 14 2 6 4 Account TE 2 15 2 6 5 e 2 16 2 6 6 Password Restriction ices siticsetis accuses etaseiseacindleuiinacideioucks bdiiuatiteticndts beaut atictasbeslediciendintdnteuabiausesdislastesrtbussivetia 2 17 2 6 7 Copying the Role Profile of an Existing Role cccccccccccccc cc cccc cece cece e cece e eee eeeebeeeeebeteteeeeeeeeeeeeeeeeeeeeeeees 2 18 2 6 8 EE 2 18 2 6 9 Defining Roles for Oracle FLEXCUBE Branch Leer 2 19 27 DNO ALM ROL Be ea earsacix T E A E eat ca genre ae ones 2 19 2 8 D TN Se HOLIDA EE 2 21 2 9 VIEWING genge Een ER E 2 22 SEA e RR e EE 2 24 GE Eet 2 30 BA d ENER 2 31 eeh eebe 2 32 GD S OWNS EE 2 34 ESA Ee ler ee ee eRe ee Tee eRe CNT Tee NRO RTE TOE eee EE 2 36 DF COU EE EE 2 36 EE eebe 2 37 ESA d 2 38 2 10 10 DVIS sacar ices alae esac geno msn ea de tessa eee 2 40 2 10 11 Ui EE 2 42 2 10 12 EE 2 43 2 10 13 Disallowed Eeer 2 43 2 10 14 EE eebe 2 44 2 10 15 Copying the User Profile of an Existing leen eetieieeebteuteegeieieebeg eebe ebe 2 45 2 10 16 EE 2 45 2 10 17 EE ee 2 45 2 11 DEFINING ALERTS FOR USERS E 2 45 2 12 SINGLE SIGN ON SSO ENABLED ENVIRONMENT ccccccccccccecceecesssssseseeeeeeccccceeeeeeesaauaessseeeeeeeceeeeeeeeaaas 2 47 ORACLE 3 ASSOCIATED DEL ee RL ON 3 1 3 1 CLEARING A OCH E EE 3 1 3 2 CHA
67. s Maximum Number of Alpha Characters in Password Minimum Number of Alpha T Display Legal Notice Characters in Password T Password has Capital Maximum Number of Numeric Letters 7 Characters in Password Dormancy Days Minimum Number ot Numert Characters in Password Maximun Number of Special Characters in Password Minimum Number of Special Characters in Password Branch Restrictions Password Restrictions Fields Input By Date Time Modification Number I Authorized Authorized By Date Time I Open Sior You can modify the Bank Parameters only when the Head Office branch is in the transaction input stage 2 2 1 Invalid Logins You can specify the allowable number of times an invalid login attempt is made by a user Each user accesses the system through a unique User ID and password While logging on to the system if either the User Id or the Password is wrong it amounts to an invalid login attempt You can stipulate the allowable number of cumulative invalid attempts made during the course of a day as well as the allowable number of consecutive or successive invalid attempts made at a time In either case if the number of invalid attempts exceeds the stipulated number the user ID is disabled By default the allowable number of cumulative invalid attempts is six and the allowable number of consecutive invalid attempts is three You can change the default and specify the allowable number of attempts in each case You can
68. screen You can invoke this screen by typing SMDSOPR M in the field at the top right corner of the Application tool bar and clicking on the adjoining arrow button 3 5 ORACLE e Single Sign On Maintenance Web Page Dialog LOWAP Host LDAP Port LDAP Admin Id LOAP Password LOAF Base Time Out Duration Seconds Fields Input By DOCUMENT Date Time Modification Number Ope ID ale 1E or Calon Ie g Open Authorized By Date Time I Authorized The following details can be maintained in this screen LDAP Host Indicate the machine or server name where LDAP Oracle Internet Directory is installed LDAP Port Specify the network Port number where the LDAP Oracle Internet Directory listen to the Server LDAP Admin id Specify the admin user id of the LDAP Oracle Internet Directory LDAP Password Specify the Password for the LDAP Admin User which is provided during installation LDAP Base Specify the directory information tree DIT structure under which the data is to be stored which is provided during installation This is used while validating the user present in the LDAP Oracle Internet Directory Time Out Duration Sec You can stipulate the allowable idle time in seconds that a user can spend without performing any activity after logging in to the system 3 6 ORACLE 3 8 Maintaining Transaction Status Control The Transaction Status Control Maintenance screen allows the user t
69. set transactions Product Role Limit Check this box to enable Module and Product wise Role Limits If you check this box system checks the user limits for all financial transactions in the bank If you leave this box unchecked system disables Product Role Limit definition 2 20 ORACLE 2 7 1 2 Defining Product Role Limit You can define role limits module wise and product wise for input and authorization Module Select the module for which you want to define the role limits Product Code Select the product code of the module Input Limit Specify the input limit for the selected module and product code Authorization Limit Specify the authorization limit for the selected module and product code Note the following e The system follows the following hierarchy for deciding the limit for input or authorization gt Specific module and product gt Specific module and all products gt All modules and all products e This limit is applicable for individual transactions and contingent entries as well and the limit is based on the transaction date e User defined limits are applicable for input and authorization of newly booked fresh contract for all modules 2 8 Defining User Holidays You can block a specific user login for a certain time frame by defining holiday slots for that user profile You can define holiday slots through the User Holiday Maintenance screen You can invoke this screen by typing
70. ss than 180 4 3 ORACLE SM 00173 Min password alphabets length can not be greater than Max password alphabets length SM 00174 Min password alphabets length can not be greater than Max password length SM 00175 Min password alphabets length Max password numeric length can not be greater than Max password Length SM 00176 Min password alphabets length Min password numeric length can not be greater than Min password Length SM 00177 Min password numeric length can not be greater than Max password numeric length 4 4 ORACLE SM 00178 Min password numeric length can not be greater than Max password length SM 00179 Min password numeric length Max password alphabets length can not be greater than Max password Length SM 00180 Max password alphabets length can not be lesser than Min password alphabets length SM 00181 Max password alphabets length can not be greater than Max password length SM 00183 Max password numeric length can not be greater than Max password length SM 00184 Max password numeric length can not be lesser than Min password numeric length 4 5 ORACLE 4 6 ORACLE SM 01014 Restricted access program invoked by control clerks machine oracle settings 4 7 ORACLE SM 10005 This Function has been linked to a role SM 3001 User does not have rights SM 3002 Incorrect User ID or password SM 555555 Sign off allowed only from home branch SM 555556 Logout allowed only from home branch 4 8 ORACLE SM 7022 The Passw
71. ssage to another branch e Changing the node from which a message should be generated e Authorization of any of the operations listed above in respect of outgoing messages You can grant permissions for the following operations on incoming messages e Printing a message 2 33 ORACLE e Authorizing a testword e Routing a message to a queue e Associating a message with a contract e Uploading incoming messages e Making changes edit incoming messages You can also grant permissions for changing the branch and the address in incoming messages e Authorizing changes made to incoming e Force Release payment message transactions with Funding Exception status and insufficient funds e Suppressing a message e Deleting a message Granting each of these permissions in the Rights screen enables the user to perform the corresponding functions in the Incoming and Outgoing Message Browsers The appropriate button in the Browser in each case is enabled for the user For details regarding each of these operations in respect of both incoming and outgoing messages consult the Messaging System user manual Apart from these functions you can also grant permission for the cover matching function for incoming payment message transactions For details regarding uploading incoming payment transaction messages and cover matching for incoming payment transactions refer the Straight Through Processing chapter in the Funds Transfer user man
72. ted Passwords Web Page Dialog Restricted Password l Password Ej Ej oo The user for whom you are defining the restrictive passwords cannot use restrictive passwords defined in the Bank Level Parameters screen and the Role Profile screen 2 10 3 Roles A Role is always associated to a User for a specific Branch The values set at the Role level are directly inherited by the User for that branch like Functions Ids Account Class and Branch Restrictions Input and Authorization Limits etc To attach the user profile you are defining to a role you must use the Roles screen Click Roles button and the Roles screen will be displayed The roles to be attached to the user profile can be listed under Roles list 2 31 ORACLE E Roles Web Page Dialog User Fole Mapping Branch Code Role Description Ej DE Click add icon to add a record under the Roles list Into each added record s field select the required role by clicking the adjoining option list Repeat this procedure to attach more roles To delete a role s that has been attached to a user profile check the box beside it and then click delete icon 2 10 4 Rights A user should have the necessary rights to perform various operations in respect of incoming and outgoing messages in the Messaging module of Oracle FLEXCUBE You can grant specific permissions for operations on messages as well as allot the
73. the Products screen Click Products button and the Products screen will be displayed e Products Web Page Dialog Posting Restriction Ce Allowed f Disallowed Products Product Code Description Access Restriction f Allowed f Disallowed Products Product Code Description DE In this screen you can place the following restrictions on the User Profile e Posting Restriction e Access Restriction Users who have posting restrictions will not be able to process transactions involving restricted products Users with access restrictions will not be allowed to view or print financial details of contracts involving restricted products To allow or disallow the user from posting into accessing certain products by e Select the option Allowed if you want to allow the user to post entries into access certain products e Select the option Disallowed to disallow the user from posting accessing certain products After choosing the Allowed or Disallowed option click add icon to add a record under the Products list Into each added record s field select the required Product Code by clicking the adjoining option list 2 42 ORACLE Note the following e ffor a product the Access restriction has not been maintained but Posting is allowed the restricted user can post transactions for that product and can view the contract information until such time that the contract gets aut
74. triction type USRADMIN in the Common Branch Restrictions When the administrator of a branch attempts to create a new user in the User Profile screen the branches available in the Home Branch field in the screen are only those allowed branches maintained in the Common Branch Restrictions for restriction type USERADMIN For details about the Common Branch Restrictions refer the section Creating Common Branch Restrictions in this user manual 2 24 ORACLE Example You have created the following branch restrictions Restriction Type Allowed Branches USRADMIN 000 001 002 005 USRADMIN 001 006 The administrator of branch 000 can perform user administration for the branches 000 001 002 and 005 but not for 006 When the administrator of branch 000 attempts to create a new user in the User Profile screen the branches available in the Home Branch field in the screen will be 000 001 002 and 005 Language Select the Language in which the Users screen have to be defined from the option list The Language Codes maintained through the Language codes screen will be available for selection Home Branch By default the Current Branch is displayed here All users have to be attached to a branch User Status Select the status of the user from the options available The options available are e Enabled e Hold e Disabled For a user to be able to login to FLEXCUBE his status should be set as Enabled
75. ual Queues You can allot the message queues to which the user has access and in which the user can perform messaging operations according to the messaging rights you have assigned The required queues can be selected and listed in the Queues list under the Grant Queues section 2 10 5 Functions In addition to attaching a user profile to a role you can give rights to individual functions For a user profile to which no role is attached you can give access to specific functions If you have e Attached one or more roles to a user profile e You have given access to individual functions to a profile to which roles are attached The rights for Function IDs that figure in both the role and user specific functions will be applied as explained in the following example Example The role profile FXDP1 has access to New Copy Delete Close Reopen Unlock and Print for the Forward Rates table You attach the user profile of Tanya to the role FXDP1 While allotting rights to individual functions for Tanya you give rights to New Copy Delete and Close for the Forward Rates table The role has access rights to Reopen Unlock and Print in addition to these In such a case the user profile of Tanya will have rights to only the functions to which rights are given at the user profile level that is New Copy Delete and Close even if the role FXDP1 has rights to other functions To give access to functions for the user profile you are
76. user is either e Allowed e Disallowed To maintain an allowed list of branches choose the Allowed option Then the Branch Restrictions list will show the list of allowed branches To maintain a disallowed list of branches choose the Disallowed option If you maintain an allowed list then the user profile will be available only for those branches that you specify in the Branch Restrictions list Similarly if you maintain a disallowed list then the user profile will not be available only for those branches that you specify in the Branch Restrictions list Any branch that is Disallowed will not appear to that user in his Change Branch list After choosing either the Allowed or Disallowed option click add icon to add a record under the Branch Restrictions list Into each added record s field select the required branch by clicking the adjoining option list Note the following e The branch in which the user profile is defined is known as the Home Branch The branches the user can access are known as the Host Branches e You should create an ID called GUEST in each branch When a user belonging to the Staff category changes the branch of operation he can perform the functions defined for the GUEST ID in the Host Branch 2 41 ORACLE 2 10 11 Products You can restrict the user from using certain products maintained in FLEXCUBE Such product restrictions for the user can be specified in
77. ut Limit e Authorization Limit When a user processes a transaction the system will convert the transaction amount if the transaction is in a different currency to the currency in which the limit amount is expressed If the amount exceeds the limits maintained for the specific user the system will display an override message When such an override is sought the user will be allowed to continue processing depending upon the sensitivity assigned to the override The implementers at your installation configure this sensitivity depending upon your requirements If it has been configured as ignore or warning the user can continue processing despite exceeding the input limit by selecting OK in the override message window or select Cancel to terminate the processing If configured to be an error the user cannot proceed with the transaction without authorization 2 39 ORACLE GE The User Limits maintained for a User Profile are common and applicable across all the branches of your bank 2 10 9 3 Specifying Role of Limits You can link a Limits Role to the User Profile The Limits maintained for the role will be applicable to the user profile to which it is linked If you select the Limits Role option you will be required to specify the following details Branch For a user you can assign Limit Roles specific to each branch of your bank Depending on the branch in which the user operates the relevant Limits
78. y for records based on the following criteria e Branch Code e Branch Name e Branch Status Click Search button Based on your preferences the system identifies all records satisfying the criteria and displays the following details for every record e Branch Code e Branch Name e Branch Status 3 11 ORACLE d Error Codes and Messages 4 1 Error Codes Error Code Message SM 00001 Unauthorized installation Contact Oracle Financial Services representative SM 00002 Licensed number of users exceeded Try again after a while SM 00003 Guest ids can sign on only via change branch function SM 00004 Invalid login SM 00005 User already logged in SM 00006 User status is disabled Please contact your system administrator SM 00007 User status on hold Contact your system administrator SM 00008 Your time level does not permit you to log in Contact your branch system administrator SM 00009 Please change password now SM 00010 Password file missing or corrupt SM 0001 1 Contact your system administrator Oracle built in problem SM 00012 SMTBS_ passwords table missing or entries not found SM 00014 Password due to expire on 1 SM 00015 User profile expired Contact branch system administrator SM 00016 Your time level does not permit you to launch this function SM 00030 This function is currently not available for execution SM 00031 This form 1 is not available Contact your branch system administrator SM 00032
79. yments and Collections Message browser In the Payments and Collection module the restriction is applicable to product categories and not products If a balance exception has occurred the balances are not displayed for the restricted user but will be replaced by STOP S The restricted users will be able to e View print financial information pertaining to contracts they have initiated or view print balances pertaining to their own accounts e Post transactions to the staff accounts or create contracts for staff members even if the user is restricted to view print balances contract information pertaining to other colleagues e Incase of balance exception during transaction posting the balance will not be displayed The Exception Message will only state that the account will be overdrawn on account of the transaction e Post transactions and view transaction information until the contract is authorized After authorization such users cannot access the contract The only exception is that when the user has captured a contract the user will be allowed to view the details till the contract gets authorized LDAP DN The LDAP Details that have been maintained in the SSO screen have to be input here Clicking on the Validate button validates the LDAP details entered in the Single Sign On Time Level The time level is allotted at two levels at the Branch level and at the user level The Time Level for the Use
Download Pdf Manuals
Related Search