Defining user view permissions

User authorization controls how the FTM console accesses FTM data. The authorization rules that allow the FTM console to distinguish among data belonging to different parties are set as entries in the RES_PERM table. This table can maintain authorization restrictions for operational data in multibanking installations.

The database views are able to access OWNER_ID. The RES_PERM table contains a TYPE field, which is a text field that describes the type of resource permission. This field can have any value, but some values are defined specifically for a multibanking installation:
DATA_PARTY
    Allows users to view operational data belonging to the party specified by RESOURCE.
DATA_PARTY_ALL
    Authorizes users to view data belonging to all parties. This value does not require a valid ID on its RESOURCE attribute.
DATA_PARTY_TREE
    Authorizes users to view data belonging to the party specified in RESOURCE, or to any party that descends from that party.

At login time, for each application, the FTM console determines the set of groups to which the user belongs and checks whether the group has DATA_PARTY or DATA_PARTY_TREE permissions. It then builds, for each application, a list of the party IDs for which the user has authority, and stores these lists in the user's session. The lists are added to all SELECT statements that the user interface executes against the operational data, restricting the results to only those belonging to parties for which the user has permissions.
Note: User view restriction requires that WebSphere® Security be activated and properly set up.
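
The following added example (not FTM code) sketches the filtering described above: it resolves a user's groups to a party-ID list from RES_PERM entries, expands DATA_PARTY_TREE to descendants, and binds the list into a SELECT on OWNER_ID. Only RES_PERM, TYPE, RESOURCE and OWNER_ID come from this page; the GROUP_NAME column, the PARTY and TXN tables, the sample rows, and treating DATA_PARTY_ALL as "no filter" are assumptions, and SQLite stands in for the real database.

```python
import sqlite3

# Constructed schema and rows. GROUP_NAME, PARTY, PARENT_ID and TXN are
# hypothetical names; only RES_PERM, TYPE, RESOURCE, OWNER_ID are from the page.
SCHEMA = """
CREATE TABLE PARTY (ID INTEGER PRIMARY KEY, PARENT_ID INTEGER);
CREATE TABLE RES_PERM (GROUP_NAME TEXT, TYPE TEXT, RESOURCE INTEGER);
CREATE TABLE TXN (ID INTEGER PRIMARY KEY, OWNER_ID INTEGER);
INSERT INTO PARTY VALUES (1, NULL), (2, 1), (3, 2), (4, NULL);
INSERT INTO RES_PERM VALUES ('bankA_ops', 'DATA_PARTY_TREE', 2),
    ('bankB_ops', 'DATA_PARTY', 4), ('auditors', 'DATA_PARTY_ALL', NULL);
INSERT INTO TXN VALUES (10, 1), (11, 2), (12, 3), (13, 4);
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def allowed_parties(db, groups):
    """Return None for all parties (DATA_PARTY_ALL), else a set of party IDs."""
    if not groups:
        return set()
    marks = ",".join("?" * len(groups))  # placeholders only, never values
    perms = db.execute(
        f"SELECT TYPE, RESOURCE FROM RES_PERM WHERE GROUP_NAME IN ({marks})",
        list(groups)).fetchall()
    allowed = set()
    for ptype, party in perms:  # any other TYPE value grants no data access
        if ptype == "DATA_PARTY_ALL":
            return None
        if ptype == "DATA_PARTY":
            allowed.add(party)
        elif ptype == "DATA_PARTY_TREE":  # the party plus all its descendants
            rows = db.execute(
                "WITH RECURSIVE t(ID) AS (SELECT ? UNION "
                "SELECT p.ID FROM PARTY p JOIN t ON p.PARENT_ID = t.ID) "
                "SELECT ID FROM t", (party,))
            allowed.update(r[0] for r in rows)
    return allowed

def visible_txns(db, allowed):
    """Run the SELECT with the session's party list bound as parameters."""
    if allowed is None:
        return [r[0] for r in db.execute("SELECT ID FROM TXN ORDER BY ID")]
    if not allowed:
        return []  # fail closed: no permission entries means no rows
    marks = ",".join("?" * len(allowed))
    sql = f"SELECT ID FROM TXN WHERE OWNER_ID IN ({marks}) ORDER BY ID"
    return [r[0] for r in db.execute(sql, sorted(allowed))]
```

A user whose groups carry none of the three permission types gets an empty list and therefore an empty result set, not an unfiltered query.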