Groups
Groups contain users and are granted permissions. You can use groups that are provided by the reference implementation of the deployed FTM solution or create groups that fit your organization's needs with custom names and descriptions.
Groups
Out of the box, FTM provides two sets of groups – one represents personas or roles of a typical customer; the other represents components in FTM. These reference groups have permissions that are assigned, but the assignments can be modified as needed.
For the list of role-based security groups that are provided by the FTM reference implementation, see Persona security groups.
For the list of security groups corresponding to FTM components, see Component-based security groups.
Creating, editing, and deleting groups
To create, edit, or delete groups, the user must be logged in to the Control Centerwith a user ID. This user ID needs to be a member of a group that has permissions to manage groups.
- Go to the groups page.
- Click Create located in the upper right of the page.
- Enter a name and description for the group.
- Click Save to add the group.
- Go to the groups page.
- Locate the group to edit in the list of groups.
- Click the name of the group. The details of the group are displayed as read-only.
- Click Edit to edit the group.
- Update the information for the group.
- Click Save to save the changes.
- Go to the groups page.
- Click Delete corresponding to the group to be deleted.
Persona security groups
The reference implementation for your FTM solution creates a set of persona security groups representing common business roles for processing payments in financial institutions and service providers. These groups simplify security configuration by aligning permissions with real-world responsibilities, providing a great starting point for further customization.
Persona security groups and their permission assignments are defined in the DSU
import workbooks with other artifacts that make up the solution's reference implementation.
Groups and Group Perm Links are the two relevant worksheets.
The table below lists each persona group, their applicable FTM solutions, and a high-level description of the group's authority.
| Group name | Applicable solutions | Description |
|---|---|---|
| Administrator - System | All | Ability to configure component properties and performance monitoring. Access system logs, audit, alerts, and system overview. No security access. |
| Analyst - Business | All | Read or write access to participant directory, transaction processing rules, endpoints or sidepoints, and system configuration. Access to logs, audits, and alerts. Entitlements configuration. |
| Analyst - Financial | All | Read or write access to settlement and financial related approvals. Access to logs and audit. |
| Customer Service Representative (CSR) | All | Read and some edit access to the participant directory. Access to all payment grids with limited actions such as cancel, return, request for recall, etc. |
| Customer Service Representative (CSR) Supervisor | All | CSR capability, plus additional write access to the participant directory. |
| IT - Programmer/Developer | All | Read authority full system. |
| IT - Report/Dashboard Developer | All | Read or write access to the Cognos configuration page. Read access to payment grids. |
| IT - Security Officer | All | Read or write access to security pages. |
| IT - Supervisor | All | Same authority as IT - Programmer/Developer, plus ability to pause or resume system input or output (Gateway Servers, JSE listeners) and ITS purge. Perform Gateway Server file resync. |
| Line of Business (LOB) Manager | All | Ability to view the system overview page. |
| Operations - Amount Keying Operator | Check | Full access to amount keying runtime actions, but no ability to configure. Ability to view the system overview page. |
| Operations - Balancing Operator | Check | Ability to perform TCR and adjustments operations. View access to adjustment types configuration and the system overview page. |
| Operations - Balancing Supervisor | Check | Same authority as Operations - Balancing Operator, plus the ability to assign and approve balancing work. |
| Operations - Distribution Operator | All | Read only access to settlement runtime and received and originated pages. Full access to outgoing and sent pages, except remapping. Ability to view the system overview page. |
| Operations - Duplicate Detect Operator | Check | Full access to duplicate detect runtime actions, but no ability to configure. Ability to view the system overview page. |
| Operations - Image Review Operator | Check | Full access to image review runtime actions, but no ability to configure. Ability to view the system overview page. |
| Operations - Message Entry | All, except Check | Ability to view the transactions grid and initiate payments. Ability to view the system overview page. |
| Operations - Repair Operator | All | Full access to repair transactions, but no ability to configure. Ability to view the system overview page. |
| Operations - Supervisor | All | Access to all actions for system monitoring, system management, exceptions and investigations, and outgoing and sent pages. Read access to participant directory, transaction processing, risk, and system configuration. |
| Operations - Vetting Operator | All, except Check | Full access to review transactions flagged by a vetting engine. Ability to view the system overview page. |
| Risk Officer | All | Read and edit access to the participant directory, plus the ability to manage risk limits. |
| Super User | All | Access to all the Control Center pages, sensitive data, and user actions. The only exceptions are destructive user actions, such as clearfs, clearxs, fail bank, etc. |
| Web Services Users | All | Ability to execute all web services. |
Component-based security groups
Historically, FTM database build scripts created a set of security groups per component. These groups are being replaced by persona security groups that are defined by Data Setup Utility (DSU) import workbooks. The current release includes both sets, but the component-based groups are now considered deprecated. A near-term future FTM release will eliminate creation of these groups when building new databases. Existing security groups in migrated databases are not impacted by the removal.
The deprecated component-based groups are shown in the following list.
- Auto Adjustment Users
- Business Rule Administrators
- Configuration Administrators
- Distribution Administrators
- Distribution Supervisors
- Distribution Users
- Duplicate Detect Administrators
- Duplicate Detect Supervisors
- Duplicate Detect Users
- FTM Administrators
- Gateway Administrators
- Gateway Supervisors
- Gateway Users
- Image Review Administrators
- Image Review Supervisors
- Image Review Users
- Payment Feature Services (PFS) Web Services
- Payment Feature Services Gateway Web Services
- Payment Repair Administrators
- Payment Repair Supervisors
- Payment Repair Users
- Risk Administrators
- Risk Supervisors
- Risk Users
- Settlement Administrators
- Settlement Users
- TCR Administrators
- TCR Supervisors
- TCR Users
- Transaction Server Administrators
- Transaction Server Supervisors
- Transaction Server Users
- Users
- Vetting Control Administrators
- Vetting Control Supervisors
- Vetting Control Users