
September 2011

The document discusses security management in the T24 banking system. It covers user creation and profiles, authorization rights including override messages, and sign-on procedures. Key points include setting access levels by user, application, field and function; classifying override messages and defining authorization approval levels; and resetting passwords after inactivity timeout or failed sign-on attempts.

SMS

September 2011
Session-wise Plan

Session I & II
▪ SMS
• User creation
• Access to user profiles
Session III & IV
▪ SMS
• Authorization rights
• Sign-on & password reset
• Sign-on deactivation & password reactivation
Objective

At the end of this session, participants will:
▪ Appreciate the security management system of T24
▪ Know how to set up security at various levels, including user, application, field and function levels
Introduction to SMS
Security Management System (SMS)

Security – prime concern of banks, irrespective of their size and network

Banks need to safeguard:
▪ Secrecy of customers and their accounts
▪ Exposure levels
▪ Access to data
▪ Authorization of financial commitments, etc.
SMS

▪ Detects & Stops usage of the system
• Aids in avoiding fraudulent transactions
▪ Records unauthorized usage of the system
• All activities of the users are recorded and a log can be maintained
SMS in T24
User Creation
Why User?

▪ Bank user/Banker
▪ For implementing various banking operations through T24
▪ Banker -> Allowed to perform only specified or enabled operations
▪ Enhances the security of banking
User Creation

▪ Enter USER, I <User-name>
▪ Enter the mandatory fields
▪ Commit the record
User Creation - Input Fields
New User – Sign On

▪ Use assigned IP address for T24 browser Sign on
▪ Enter the User name and password
▪ Repeat the password to sign into T24
New User – Sign On

User is successfully signed-on
Access to User Profiles
User Profile Access

▪ Based on the business profile of user,
• Access is given to the relevant applications
• To perform the permitted operations/functions
▪ Helps in maintaining the confidentiality of the information available in the system
User Profile Access

▪ Access is restricted for each individual or group of users through -> USER Application
▪ Any change to a user profile is reflected only when
• User logs off the system
• Logs in again using the same user name
Access Restriction

▪ Company level restriction is set using “Company Restr” field
▪ Application level restriction is set using “Application” field
• ALL.PG -> Allows access to all applications
• <Application-name> -> Allows a specific application to the user
▪ Version level restriction is set using “Version” field
• <Version-name> -> Version of application set in “Application” field
Access Restriction

Function level restriction is set using “Function” field
▪ A – Authorise
▪ C – Copy
▪ R – Reverse
▪ D – Delete
Access Restriction

▪ H – History Restore
▪ I – Input
▪ P – Print
▪ S – See
▪ V – Verify
▪ Q – Auditor Review
Example

Create a User who is restricted to use:
▪ Account application with
▪ Copy, Input, Print and See functions
▪ In “GB0010001” company
Solution
Access Restriction
Access Restriction

Time Out Minutes
▪ Refers to the maximum time after which T24 will log off automatically
▪ The maximum value allowed in this field is 999 i.e. equal to 10 minutes
Access Restriction

Attempts
▪ Specifies the number of unsuccessful Attempts to sign on allowed using the Sign on name of the User record, before the Password is Disabled
▪ User records Disabled in this way are shown in the Password exception list
▪ The maximum value allowed in this field is 9
Unsuccessful User Attempt

▪ Field ‘ATTEMPTS.SINCE’ -> Stores no. of unsuccessful Attempts to Sign on
▪ Error Appears as shown, when ATTEMPTS.SINCE is greater than ATTEMPTS
User Access

▪ Application ‘PASSWORD.RESET’ -> Reset the password
▪ Above Application restricted to Bank Administrator
User linking with Protocol file

SIGN.ON.OFF.LOG
▪ Specifies whether or not a record should be written to the Protocol file, recording every time this User Signs On/off
Note: Unsuccessful attempts to SIGN.ON are always logged, regardless of the value in this field
SECURITY.MGMT.L
▪ Specifies whether or not a record should be written to the Protocol file, every time this User accesses any of the Security Management Applications
User linking with Protocol file

APPLICATION.LOG
▪ Specifies whether or not records should be written to the Protocol file, recording every Application accessed by this User
FUNCTION.ID.LOG
▪ Specifies whether or not full details of every Application, Function and record ID accessed by this User should be recorded in the Protocol file
USER.SMS.GROUP

▪ Grouping of Users having same user rights
▪ Allows definition of restriction at Application & Function level
▪ Creation of Logical groups that can be attached to User profile
▪ Avoid repetition of related application in different User profiles
USER.SMS.GROUP

Define the required conditions for a particular user group
Grouping – Application Level

▪ User profiles can be grouped using ID of USER.SMS.GROUP
▪ Field ‘Application’ -> Attach group name prefixed with ‘@’ symbol
Grouping – Application Level

▪ Error appears as shown, preventing user from using the Application attached in USER.SMS.GROUP
Grouping – Field Level

Field level grouping of user profiles can be done using ID of USER.SMS.GROUP

Use fields:
▪ Field No
▪ Data Comparison
▪ Data from
▪ Data to
Grouping – Field Level

▪ Define Conditions, based on which the corresponding application is accessed by the respective user profile
▪ Fields -> Interlinked fields
Grouping – Field Level
Grouping – Field Level

Example:
▪ Any FT record created by this User can only have ‘AC’ as the Transaction Type
Grouping – Field Level

▪ Error appears as the User is not allowed to input Transaction type other than ‘AC’ in the FT version
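
An illustrative model of how the Company Restr, Application, Function and field-level settings on the preceding slides combine into an allow/deny decision, including an '@' reference to a USER.SMS.GROUP record. This is an added example, not T24 code or material from the original deck; the record layout, the group id TELLER.GRP, the field key TRANSACTION.TYPE and the operator codes EQ/RG are assumptions, and version-level restriction is left out.

```python
# Illustrative model of USER access restrictions; not T24 code.
# Record layout, group id, field key and operator codes are assumptions.
from dataclasses import dataclass
from typing import Optional

@dataclass
class Row:
    company: str        # "Company Restr" (group rows inherit it from the USER row)
    application: str    # ALL.PG, an application name, or @<USER.SMS.GROUP id>
    functions: str      # "Function" letters, e.g. "CIPS"
    condition: Optional[tuple] = None  # (field, comparison, data from, data to)

# Constructed USER.SMS.GROUP record: FT input/see, Transaction Type must be AC
GROUPS = {"TELLER.GRP": [Row("", "FUNDS.TRANSFER", "IS",
                             ("TRANSACTION.TYPE", "EQ", "AC", ""))]}

# Constructed USER record: the slide's example plus one group reference
USER_ROWS = [Row("GB0010001", "ACCOUNT", "CIPS"),
             Row("GB0010001", "@TELLER.GRP", "")]

def expand(rows, groups):
    """Yield plain rows, replacing each '@group' row by the group's rows."""
    for row in rows:
        if row.application.startswith("@"):
            for g in groups.get(row.application[1:], []):
                yield Row(row.company, g.application, g.functions, g.condition)
        else:
            yield row

def condition_ok(condition, record):
    """Evaluate a field-level condition against the record being input."""
    if condition is None:
        return True
    name, comparison, data_from, data_to = condition
    value = record.get(name)
    if comparison == "EQ":
        return value == data_from
    if comparison == "RG":          # inclusive range Data From .. Data To
        return value is not None and data_from <= value <= data_to
    raise ValueError(f"unsupported comparison {comparison!r}")

def is_allowed(rows, groups, company, application, function, record=None):
    """Default deny: allow only if some row matches at every level."""
    for row in expand(rows, groups):
        if (row.company == company and row.application in ("ALL.PG", application)
                and function in set(row.functions)
                and condition_ok(row.condition, record or {})):
            return True
    return False
```
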
Grouping – Attribute Level

▪ Attach different attributes to different Users, based on the job specification
▪ User will be provided access to Menu provided using the field ‘Attribute’
Grouping – Attribute Level
Attributes

▪ COMMAND.LINE -> User is allowed to use command line
▪ EXPLORER -> Allows the user to use the Application explorers
▪ ENQUIRY.INDEX -> Allows access to the enquiry index, where the user is given access only to enquiries
Attributes

▪ REALTIMEENQUIRY -> Allows the use of real time enquiries for this user
▪ LOCK.PREFERENCES -> Prevents the user from gaining access to various Desktop settings including file locations and some system administrative functions
Attributes

▪ SUPER.USER -> Allows user access
• To all of the features
• For all future functionality with the exception of REALTIMEENQUIRY
▪ LOCK.DEACTIVATION -> To Disable "Deactivation profile" menu item on desktop menu Bar
Attributes

▪ LOCK.DESIGNERS -> To disable all Designer's menu items on Desktop menu bar.
▪ LOCK.MISC.ITEMS -> Prevents the user from gaining access to
• user toolbar
• list of enquiries and
• list of reports in desktop
Authorization Rights
Authorization

T24 generates two types of messages:
▪ Override message
• Messages that can be overridden by the User
▪ Error message
• Messages that should be corrected before the transaction is committed
• Otherwise, the transaction would be aborted or could not be committed
Example of Override Message
Example of Error Message
Override
Override

▪ Warning messages pertaining to a transaction
▪ Prompted to the user before committing a transaction
▪ User -> Accept/Reject transaction with the warnings
▪ Accepting Override message will complete the transaction
Tables Involved

Three applications are linked with Override
▪ OVERRIDE.CLASS.DETAIL -> Define classification & condition
▪ OVERRIDE.CLASS -> Define Override message & ID of Override Class detail
▪ OVERRIDE -> Define Override message & Application name
OVERRIDE.CLASS.DETAILS

▪ Override message returns variable data elements
▪ Specify different Override Classes depending on the variable data element
▪ ID of OVERRIDE.CLASS.DETAILS -> attached to the Field ‘Override Detail’ of OVERRIDE.CLASS
OVERRIDE.CLASS.DETAILS

Define conditions for Override contract Authorization

Data Def
▪ Define order of the variable data element
Classification
▪ Define Classifications for Override Class
▪ Specifies the classification type for the override message
▪ Allows the user to define different levels of approval within each application, according to the nature of the override
OVERRIDE.CLASS.DETAILS

Data Def No.
▪ Define Field No.
▪ Field No. called based on application defined in Override Application
Comparison
▪ Define field level conditions
▪ It is an operator linking the Data Def in field 1 to the values for comparison in fields 5 & 6 (Data From & Data To)
OVERRIDE.CLASS.DETAILS
OVERRIDE.CLASS

▪ ID -> Application name e.g. FUNDS.TRANSFER
▪ Override text
• Allows the user to define specific classifications for the override messages of the ID application
• Should be the same as defined in Override application
▪ Define Record Id from OVERRIDE.CLASS.DETAILS in field ‘Override Detail’
OVERRIDE.CLASS
OVERRIDE

▪ Override Message can be:
• a simple text e.g. NO LINE ALLOCATED
• a variable text e.g. Unauthorized overdraft of USD 10000 on account 14613
• Where, the Currency, Amount and Account number are variable values
▪ Define valid data type e.g. CCY for Application defined in field ‘Application’
OVERRIDE
User Access

User Application -> Attach Override Classification name in field ‘Override Class’
User Access
Example

Input a contract in FT module, and approve the OVERRIDE in the contract


FT Contract
FT Contract - Authorization
Override - Approval

▪ ID of the final authorizer -> Appended to the Override Message pre-fixed with a *
▪ Authorize the record using the User attached with the Override ‘MNGR’
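
An illustrative model of the chain described in the override slides: a condition on a variable element of the override message yields a classification, and only a user whose USER record carries that Override Class can approve, with the approver's ID appended after a '*'. This is an added example, not T24 code or part of the original deck; the record layouts, operator codes, the 5000 threshold, the user IDs and the rule that an unclassified override needs no special class are assumptions.

```python
# Illustrative model of override classification and approval; not T24 code.
# Record layouts, operator codes and all sample values are assumptions.
import operator
import re

OPS = {"GT": operator.gt, "GE": operator.ge, "LT": operator.lt, "LE": operator.le}

# Constructed OVERRIDE.CLASS.DETAILS rows: Data Def picks the Nth variable
# element of the message; Comparison links it to Data From.
CLASS_DETAILS = [
    {"data_def": 2, "comparison": "GT", "data_from": 5000, "classification": "MNGR"},
]

# Constructed users: id -> classifications held in the USER field 'Override Class'
USERS = {"INPUTTER1": set(), "MANAGER1": {"MNGR"}}

def variable_elements(message):
    """Currency, amount and account from the slide's sample overdraft message."""
    m = re.fullmatch(r"Unauthorized overdraft of (\w{3}) (\d+) on account (\d+)", message)
    if not m:
        raise ValueError("unrecognised override message")
    return [m.group(1), int(m.group(2)), m.group(3)]

def required_class(message):
    """Classification demanded by the first matching detail row, or None."""
    elements = variable_elements(message)
    for row in CLASS_DETAILS:
        value = elements[row["data_def"] - 1]
        if OPS[row["comparison"]](value, row["data_from"]):
            return row["classification"]
    return None   # assumption: unclassified overrides need no special class

def approve(message, user_id):
    """Return the message with '*<user id>' appended, or raise if not entitled."""
    needed = required_class(message)
    if needed is not None and needed not in USERS[user_id]:
        raise PermissionError(f"{user_id} lacks override class {needed}")
    return f"{message}*{user_id}"
```
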
Sign-On Reset

Arises when:
▪ User closes their PC without closing T24
▪ Hardware or system failure occurs
Types Of Sign Off

▪ User Initiated
▪ Inactive Session
▪ Hardware Failure
Password Reset

▪ Arises when User has forgotten the password
▪ Security Administrator can use PASSWORD.RESET to clear the old password
Sign-On De-activation/ Password Reactivation

▪ User profile can be deactivated and reactivated
▪ Use -> Tools Menu -> My Profile -> Deactivate Profile
▪ Enter Deactivation Date & Reactivation Date
Sign-On De-activation/Password Reactivation
Summary

Set up of security management system in T24
▪ Security at various levels including user, application, field and function levels – USER application
▪ Process level approval – OVERRIDE application
www.capgemini.com/financialservices
