- 22 Oct 2024
- 3 Minutes to read
- DarkLight
Role Administration
- Updated on 22 Oct 2024
- 3 Minutes to read
- DarkLight
Risk Analytics users must be assigned the adequate permission clearance levels to view and handle the data in Risk Analytics. These permission clearance levels, or clearance subscriptions, have security settings applied to them to adhere to data protection laws and security levels. By creating various user roles with different subscription combinations you are able to cover various sets of security requirements. This allows you to control the permissions given to each role for the set of users you group together in such a role.
Risk Analytics Presentation Service offers the following pre-defined roles by default:
ADMIN_ROLE. Users with this role are administrators with access to all product features, except for the following:
Administrators cannot access the RA Environments tab and related functionalities. This functionality is available for master administrators only (see note below).
By default, administrators cannot add new roles or manage clearance subscriptions. These functionalities are controlled by two clearance levels: Can Create Roles and Can Manage Clearance Subscriptions, respectively. By default, these two levels are disabled for regular non-master administrators, and only available for master administrators (see note below). However, it is possible to grant non-master administrators these rights by enabling the two related clearance levels.
Default clearances of master administrators and non-master administrators are hardcoded. Therefore, these clearances cannot be removed.
Users with the ADMIN_ROLE created by default in a Risk Analytics schema (master environment) are master administrators of all the environments of the schema (host control). The clearances subscribed for ADMIN_ROLE in this master environment have no effects.
Master administrators implicitly have access to all the Risk Analytics Presentation Service screens and functionalities. These include the RA Environments tab (and related functionalities), and the permission to add new roles and manage clearance subscriptions (for any environments in the schema).
The master environment should not be used for other purposes than managing secondary environments of a Risk Analytics schema. It is not recommendable to use the master environment for production purposes (e.g. digital banking, corporate banking).
User Manager. Users with this role can create other Risk Analytics Presentation Service users (in the current environment only) and assign them the necessary roles. They have also access to the Reporting page and the Personal Settings.
The User Manager role must be considered with particular attention. Users with this role can create users with other roles (having potentially more permissions) and define the initial password for these users. Therefore, user managers can indirectly extend their own privileges by creating additional users and logging on with these users.
User managers should be created and used only for administrators expecting reduced permissions in the environment. The user will thus have less privileges when logged in with their user manager account than with their standard administrator account.
User managers in the first environment (master environment) cannot create users with ADMIN_ROLE. Users with ADMIN_ROLE in the first environment are master administrators (host control), and new master administrators can be created only by master administrators.
Fraud Manager. Users with this role have access to all product features except for User Administration, Role Administration, Application Settings and the RA Environment tab (and related functionalities).
Fraud Analyst. Users with this role can review events, access all screens of the SUPERVISE & INVESTIGATE menu, and also have access to the Reporting and Personal Settings pages. Fraud analysts can view alerts and rules but they cannot modify or create them.
Customer Agent. Users with this role have access to the Risk & Relationship Management page in read-only mode and to the Personal Settings. The Customer Agent role provides a read-only access to Risk Analytics allowing the user to query on certain specific transactions or customer account. This role does not grant any access to work on alerts, view rules, reports etc.
MIS Reporter. Users with this role are able to extract reports from Risk Analytics and have also access to the Reporting page and the Personal Settings. They do not have access to queues, alerts, rules, etc.
Application Manager. Users with this role have access to the Application Settings (to create and/or change certain Risk Analytics application parameters), to the Export/Import environment configuration, and to the Personal Settings.
Checker. Users with this role have access to the Audit page, the Reporting page, and the Personal Settings.