Assume that you want to configure a simple multibanking environment that is based on the hierarchy that is
shown in Figure 1. Also, assume that this
environment contains a single application with the current version information that is shown in the following
table.
Table 1. Example of an APP_VERSION table
ID
VERSION
APPLICATION_ID
1000
1.0.0
1
Use the following steps to configure such an environment:
In the PARTY table, define a list of involved parties that reflects the bank hierarchy. Each party has its
own ID. The hierarchy can be traversed by using the ID and PARTY_ID attributes of each record. The
APP_VERSION_ID of each party in this table is 1000, so all parties are associated with the same application
version (with APPLICATION_ID 1 and VERSION 1.0.0). The PARTY table data for this example is shown in Table 2.
Create a security structure that limits each party to viewing only the operational data that it is allowed
to view. This step requires that you create records in the GRP_RES_PERM_REL and RES_PERM tables, as shown in
Table 3 and Table 4.
GRP_RES_PERM_REL specifies:
GROUP_NAME
Each group name is defined in the system authentication repository.
RESPERM_ID
This attribute connects the group to an entry in the RES_PERM table, where resources and permissions are
defined.
APP_ID
This attribute specifies the application to which the resources permissions are granted.
Note: All users of the FTM graphical user interface must be members of the group
FTMUser. Therefore, it is recommended that multibanking view permissions not be assigned to this group.
Otherwise, these permissions would be granted to all users, including users who are added in the
future.
RES_PERM specifies:
ID
A resource permission identifier. This ID is used to link a resource permission to a GRP_RES_PERM_REL
record.
RESOURCE_TYPE
The type of resource to which the permission applies.
RESOURCE
The parties affected by this permission. Ensure that the specified party IDs belong to the application
defined by APP_ID in the GRP_RES_PERM_REL table.
PERMISSION
The type of permission. In this example, View is the only possible value.
The following fields correlate groups with an application and permissions:
RESPERM_ID in the GRP_RES_PERM_REL table
ID in the RES_PERM table
Table 2. Example of a multibanking environment PARTY table
ID
APP_VERSION_ID
PARTY_ID
NAME
100
1000
Null
BankA
200
1000
Null
BankB
300
1000
Null
BankC
120
1000
100
CorporateA1
130
1000
100
CorporateA2
121
1000
120
DepartmentA11
122
1000
120
DepartmentA12
Table 3. Example of a multibanking environment GRP_RES_PERM_REL table
GROUP_NAME
RESPERM_ID
APP_ID
FTMUser
1
1
FTMAdmin
2
1
BankAUser
100
1
BankBUser
200
1
BankCUser
300
1
CorpA1User
120
1
CoprA2User
130
1
DepartmentA11User
121
1
DepartmentA12User
122
1
Table 4. Example of a multibanking environment RES_PERM table
ID
RESOURCE_TYPE
RESOURCE
PERMISSION
1
GUI
Channel
View
2
DATA_PARTY_ALL
all-data
View
100
DATA_PARTY_TREE
100
View
200
DATA_PARTY_TREE
200
View
300
DATA_PARTY_TREE
300
View
120
DATA_PARTY_TREE
120
View
130
DATA_PARTY_TREE
130
View
121
DATA_PARTY
121
View
122
DATA_PARTY
122
View
The data in these tables specifies the following user access and permissions:
Users who belong to the group DepartmentA11User cannot see the data that belongs to the group
DepartmentA12User, and vice versa.
Users who belong to the group DepartmentA11User or DepartmentA12User cannot see the data that belongs to
their parent entity, CorpA1User.
Users who belong to the group CorpA1User can see their own data and the data that belongs to
DepartmentA11User and DepartmentA12User, but not the data that belongs to CorpA2User, or to any other entity
that is situated higher in the hierarchy.
Users who belong to one of the groups BankAUser, BankBUser, or BankCUser can access only data from their
own hierarchies, not data from the hierarchies of another group.
Each group affects a specific party, and that the relationship is the same as the one that is shown in
Figure 1.
All of the permissions to parties, as for other resources, are tied to a specific application.
Only users who belong to FTMAdmin have access to all operational data.
This example uses simple 1:1 relationships (one group is associated with one RES_PERM related to one party
that is related to one application). However, a single group might have several RES_PERM entries. For more
information about using more than one application and how to scale resource permissions, see OAC
Security Data Model.