Setting up Operator Security record in Smart Investigate

From PegaWiki

Description: Describes the procedure to set access restrictions for users in Smart Investigate
Version as of: 8.5
Application: Pega Smart Investigate for Payments
Capability/Industry Area: Financial Services



Creating Smart Investigate for Payments Security Levels

Within an organization, certain users must be restricted from viewing or working on some assignments. Smart Investigate for Payments has four security levels that define which work objects or assignments a user can access. The criteria for deciding the level of access restriction are the user’s assigned role, operational unit (for example, branch), and business area (for example, Payments) related to the investigation case. Client requirements can use one or more of these criteria, and the significance, order, and weight of each criterion vary.

Smart Investigate for Payments provides a fully customizable set of rules that allow organizations to restrict or prohibit access based on multiple layers of security. Three of the rules must be assigned to an individual user, and a fourth is based on the user’s access group. The security levels assigned to users are defined in their Data-Admin-Operator-Security profiles. This table illustrates typical business segmentation for security levels:

| Level | Definition | Example |
|---|---|---|
| 1 | Financial institution | Bank name (one or many for a multi-bank scenario) |
| 2 | Division of financial institution | Either branch or business area |
| 3 | Further division of level 2 | Either branch or business area |
| 4 | Further division of level 3 | A team within a branch or business area |
| Worklist or Workbasket | Lowest division of work | An individual operator or workbasket within a team |

An initial task in the deployment of Smart Investigate for Payments is the definition of a business model. The business model defines how the levels will be used and what values each level will contain. These levels are then defined in the system prior to being assigned to a user.

Steps to deploy Smart Investigate security solution

1. Configure security levels 1, 2, and 3.

2. Define the evaluation logic for the SetSecurityAccessMode decision tree rule (of type Rule-Declare-DecisionTree).

3. Define the decision table rule SetLevel1Instance (of type Rule-Declare-DecisionTable).

4. Set initial Security instances (of type Data-Admin-Operator-Security):
   - Verify that Data-Admin-Operator-Security instances reference the activity SIOperatorLogon.

Note: Follow the sections below in sequence to deploy the Smart Investigate for Payments security solution.

Configuring level 1 security

Level 1 security represents a financial institution, for example a bank name. Set the level 1 security for your organization.

Each time an operator changes the work pool class in focus (representing a switch between entities in a multi-bank scenario), the list of assigned values for this operator is re-evaluated. Smart Investigate for Payments comes with one sample value for Level 1, named MyBank.

1. Open the Data-Operator-Security-Level1 landing page through the given link.

2. Click the Refresh button.

3. Click Create. Enter a key to identify your level 1 instance. Click Create and Open. The Operator Security form for level 1 appears.

4. Complete the form fields which are described in the next task.

5. Click Save.

6. Repeat the process for each level 1 value you want to add.

[Figure: sample level 1 configuration]

Configuring level 2 security

Level 2 security represents a division of the financial institution, for example either a branch or a business area.

1. Open the Data-Operator-Security-Level2 page through the given link.

2. Click the Refresh button.

3. Click Create. Enter a key to identify your level 2 instance. Click Create and Open. The Operator Security form for level 2 appears.

4. Complete the form fields which are described in the next task.

5. Click Save.

6. Repeat the process for each level 2 value you want to add.

[Figure: sample level 2 configuration]

Configuring level 3 security

Level 3 security represents a further division of level 2, for example either a branch or a business area.

1. Open the Data-Operator-Security-Level3 landing page through the given link.

2. Click the Refresh button.

3. Click Create. Enter a key to identify your level 3 instance. Click Create and Open. The Operator Security form for level 3 appears.

4. Complete the form fields which are described in the next task.

5. Click Save.

6. Repeat the process for each level 3 value you want to add.

[Figure: sample level 3 configuration]

Defining logic for setSecurityAccessMode decision tree

During the log-in process, the activity OpenOpSecurInstance (Data-Admin-Operator-Security) evaluates the decision tree rule setSecurityAccessMode to determine which access mode option (Individual, Group, Unit, Division, or Organization) is applicable for the user.

Defining the logic for SetLevel1Instance decision table

The security module references the decision table rule SetLevel1Instance to determine the name of the currently selected work pool and match it with its level 1 key value.

Configuring new Operator Security Instance

For each Operator ID instance, there should be a "Data-Admin-Operator-Security" instance whose identifier is the same as the Operator ID identifier.

Add a new Data-Admin-Operator-Security Instance

1. Open the Data-Admin-Operator-Security landing page through the given link.

2. Click the Refresh button.

3. Click Create.

4. Enter the User Identifier and click Create to display the Operator Security form. The user identifier must match an existing instance of Data-Admin-Operator-ID.

5. Complete the form fields in all tabs, as described in the tasks below.

6. After all fields have been entered, click Save.

7. Repeat the process for each Operator security instance you want to add.

Reference the SIOperatorLogon activity from the operator instance

The activity that enables this is Data-Portal.SIOperatorLogon. It must be referenced in the operator’s Data-Admin-Operator-ID instance on the Security tab.

Verify all implementation operator instances

In the login process, details from the operator’s Data-Admin-Operator-Security instances are copied to the clipboard. The security function then references the clipboard to access the data.
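
One way to run the verification described above over exported records, as an added example (not Pega code and not part of the original page). The JSON export shape, the field names, and every sample value except MyBank and SIOperatorLogon are assumptions constructed for illustration:

```python
import json

# Constructed sample data standing in for exported instances (hypothetical field names).
OPERATORS = json.loads("""[
  {"id": "alice@mybank", "logon_activity": "SIOperatorLogon"},
  {"id": "bob@mybank",   "logon_activity": "SIOperatorLogon"},
  {"id": "carol@mybank", "logon_activity": ""},
  {"id": "dave@mybank",  "logon_activity": "SIOperatorLogon"}
]""")
SECURITY = json.loads("""[
  {"id": "alice@mybank", "level1": "MyBank", "level2": "Payments", "level3": "London"},
  {"id": "bob@mybank",   "level1": "MyBank", "level2": "Treasury", "level3": "London"},
  {"id": "carol@mybank", "level1": "MyBank", "level2": "Payments", "level3": "London"},
  {"id": "erin@mybank",  "level1": "MyBank", "level2": "Payments", "level3": "London"}
]""")
# Level values already created on the level 1, 2 and 3 landing pages (constructed).
DEFINED_LEVELS = {"level1": {"MyBank"}, "level2": {"Payments"}, "level3": {"London"}}


def audit(operators, security, defined_levels):
    """Return findings as sorted (check, identifier, detail) tuples."""
    findings = []
    op_ids = {o["id"] for o in operators}
    sec_ids = {s["id"] for s in security}
    # Every operator needs a security record keyed by the same identifier.
    for oid in op_ids - sec_ids:
        findings.append(("missing-security-record", oid, ""))
    # A security record's identifier must match an existing operator ID.
    for sid in sec_ids - op_ids:
        findings.append(("orphan-security-record", sid, ""))
    # The page requires each operator instance to reference SIOperatorLogon.
    for o in operators:
        if o.get("logon_activity") != "SIOperatorLogon":
            findings.append(("logon-activity-not-referenced", o["id"], ""))
    # Level values must be defined before they are assigned to a user.
    for s in security:
        for level, allowed in defined_levels.items():
            if s.get(level) not in allowed:
                findings.append(("undefined-level-value", s["id"], f"{level}={s.get(level)}"))
    return sorted(findings)


if __name__ == "__main__":
    for check, ident, detail in audit(OPERATORS, SECURITY, DEFINED_LEVELS):
        print(f"{check:32} {ident:16} {detail}")
```

An empty result means every operator has a matching security record, references the logon activity, and uses only level values that have been defined.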