User administration
Contents
In the User Administration, an administrator can maintain users and their access rights within the system.
The maintenance consists of several actions such as:
•Create, edit and delete users
•Create, edit and delete groups
•Assign rights to users and groups
•Display reports for effective rights and audit trail
In the Users tab you can view and edit user rights by selecting it from the user list on the left. Additionally, you can create, edit and delete users from here.
The corresponding rights table of the selected user is displayed on the right side.
Within the table Access rights, you can define a user’s or group’s right (allow / deny / no entry) for each function and BNO separately.
For each FraudOne access right and BNO, an editable table cell is provided to specify the type of access to be granted to the selected user.
On the left side of the table cells you can see which type of access you have set manually and on the right side you see the effective access icon that is calculated automatically from the system.
If you click on a table cell a selection box appears and you can choose between the following values:
------ |
Access is unspecified "------" |
allow |
Access is allowed |
deny |
Access is denied |
Possible effective access icons are:
|
Access allowed |
|
Access denied |
|
Access allowed |
|
Access denied |
Important
•You can only edit table cells of a BNO for which you have Administration access rights.
•The FraudOne Configuration access right can only be edited under the BNO 999.
•In the user list only users with the same Administration Class as yours are displayed.
•If you selected yourself in the user list, the rights table is switched to read only mode.
•If the column 999 is visible, you can set here access for all other BNOs at once.
•Some access rights may depend on other access rights and are switched automatically if you change the superordinated right.
•Changes are saved if you click either Apply or OK.
In the rights table, FraudOne rights are grouped by different colors to indicate their type:
SignBase Right
SignCheck Right
Dynamic Right
The following FraudOne rights are available on the system:
SignBase
Right |
Description |
|---|---|
Display |
Has read-only access to information in SignBase. |
Edit |
May change account and signatory information. |
Verify |
May release the changes to a user's application. |
SB Administer |
Administers SignBase and may add new users and change existing user powers. |
Sign Teller Verification |
May do the dynamic signature verification (only available if the SignTeller-Add-On for the dynamic signature verification is available). |
SB Reports |
User can run available reports. |
Audit |
May check all changes to a customer, including the user who made the changes. |
Edit Serial |
May manage the check serial number reference data. |
SignCheck
Right |
Description |
|---|---|
Variants |
May classify and store variants. |
SC Reports |
May carry out actions in the SC Search List menu. |
VBD |
(Visual Branch Display) Note The Visual Branch Display feature is only available via the client Teller Interface. |
SC Administer |
May administer SignCheck powers. |
Change Check |
Authorization to change cheque data. |
View Decisions |
May display decisions made for a special item. |
SC Archive |
May access SignCheck archive data. |
Configuration and Administration
•Configuration - Allows to edit centralized configuration data
•CRS - Allows to maintain rules with the CRS Editor
•SrvMon Administration - Allows to administer the FraudOne system with the Server Monitor
•Edit Highlight - Allows to update the document highlighting feature pattern data
•Core Properties - Allows to view and edit core properties files
Clicking on the buttons New, or Edit opens the user dialog. Here you can create or edit a user's personal data, set a new password, and change the group memberships of the user.
If the client is configured to use Active Directory as the leading authorization system, the user dialog will contain a User ID or a Group ID field and the panel for searching.
To find a particular user or group in the Active Directory, the search key can be entered in the Search for field.
Searching items in the Active Directory can be performed using wildcards:
•*ABC* — matches all items which contain the key
•ABC* — matches all items which end with the key
•*ABC — matches all items which start with the key
•ABC — matches all items which have the exact key
Note
•The User-ID can only be edited if a new user is created.
•The Admin class is only editable for a super administrator without an own admin class.
•The Edit button is disabled in case if application configured to use Active Directory as an authorization system
•
For all other administrators the users Admin class is automatically set to the administrators Admin class.
Quick user access rights panel
In this panel it is possible to set all SignBase and/or SignCheck user access rights for a bank number at once.
Note Per default this panel is not visible. It can be activated by adding this line to the admin.properties file:
UserAdmin.QuickAccess.Visible = 1
In the Groups tab you can view and edit rights of a group by selecting it in the user list on the left. Also you can create, edit and delete groups here.
The handling of this dialog is the same as it is in the Users tab. The only difference is that you can't see any effective rights here.
Clicking on the button New or Edit opens the group dialog.
Here you can create, or edit a group's data and change the members of this group.
Note
•The Group Id can only be edited if a new group is created.
•To support computer centers and service agencies where multiple independent groups of users may be required, the User Rights System introduces the concept of an Administration Class (Admin class).
Every User and Group defined is a member of either exactly one Administration Class, or of none.
An administrative user that is not defined as a member of an Administration Class has the special privilege of being able to set or change the Administration Class of any other user or group (super admin).
Administrators that are members of an Administration Class can only administer users and groups which are members of the same Administration Class themselves.
A new user or group created by an administrator is automatically given the Administration Class of the administrator.
In the special case of an administrator, who is not associated with an Administration Class, the new user or group is also not associated with an Administration Class. Nevertheless, the administrator can, in this case, set the Administration Class of the new user or group explicitly.
The Administration Client filters the visibility of Users and Groups and the actions that are allowed for, an administrative user based on the Administration Class of the user.
When the Administration Class of the administrative user is set, only those users and groups that have the same Administration Class as the administrative user should be visible and changeable.
An administrative user with no Administration Class can see and manage users and groups of any Administration Class and can change the Administration Class of users and groups. Admin class is only editable for a super administrator without its own admin class.
For all other administrators the group Admin class is automatically set to the administrator's admin class.
Quick group access rights panel
In this panel it is possible to set all SignBase and/or SignCheck group access rights for a bank number at once.
Note Per default this panel is not visible. It can be activated by adding this line to the admin.properties file:
UserAdmin.QuickAccess.Visible = 1
In the Reports tab you can display reports of effective rights and audit trails. Effective right reports can be grouped by users or BNO and filtered by a user, a BNO, or users of a group.
Audit reports can be restricted by a date period, and filtered by a user, or users of a group.
After clicking Display, the desired data is displayed in HTML format inside the text area above.
By clicking Browser, the desired data is displayed in an external web browser. So you are able to save the data as an html file or printing the data.
Note
•The audit functionality is not available when using an Oracle database
•Regarding very large reports you should prefer to use the Browser feature which uses less memory and increases performance
