
SMS

September 2011
Session-wise Plan

Session I & II
▪ SMS
• User creation
• Access to user profiles
Session III & IV
▪ SMS
• Authorization rights
• Sign-on & password reset
• Sign-on deactivation & password reactivation
Objective

At the end of this session, participants will

▪ Appreciate security management system of T24
▪ Know how to set up security at various levels including user, application, field and function levels
Introduction to SMS
Security Management System (SMS)

Security – Prime concern of Banks, irrespective of their size and network


Bank requires safeguard of:
▪ Secrecy of Customers and their Accounts,
▪ Exposure levels,
▪ Access to data,
▪ Authorization of financial commitments, etc.
SMS

▪ Detects & Stops usage of the system
• Aids in avoiding fraudulent transactions
▪ Records unauthorized usage of the system
• All activities of the users are recorded and a log can be maintained
SMS in T24
User Creation
Why User?

▪ Bank user/Banker
▪ For implementing various banking operations through T24
▪ Banker -> Allowed to perform only specified or enabled operations
▪ Enhances the security of banking
User Creation

▪ Enter USER, I <User-name>
▪ Enter the mandatory fields
▪ Commit the record
User Creation - Input Fields
New User – Sign On

▪ Use assigned IP address for T24 browser Sign on
▪ Enter the User name and password
▪ Repeat the password to sign into T24
New User – Sign On

User is successfully signed-on


Access to User Profiles
User Profile Access

▪ Based on the business profile of user,
• Access is given to the relevant applications
• To perform the permitted operations/functions
▪ Helps in maintaining the confidentiality of the information available in the system
User Profile Access

▪ Access restricted to each individual or group of users through -> USER Application
▪ Any change to a user profile is reflected only when
• User logs off the system
• Logs in again using the same user name
Access Restriction

▪ Company level restriction is set using “Company Restr” field
▪ Application level restriction is set using “Application” field
• ALL.PG -> Allows access to all applications
• <Application-name> -> Allows a specific application for the user
▪ Version level restriction is set using “Version” field
• <Version-name> -> Version of application set in “Application” field
Access Restriction

Function level restriction is set using “Function” field


▪ A – Authorise
▪ C – Copy
▪ R – Reverse
▪ D – Delete
Access Restriction

▪ H – History Restore
▪ I – Input
▪ P – Print
▪ S – See
▪ V – Verify
▪ Q – Auditor Review
Example

Create a User who is restricted to use:

▪ Account application with
▪ Copy, Input, Print and See functions
▪ In “GB0010001” company
Solution
Access Restriction
Access Restriction

Time Out Minutes


▪ Refers to the maximum time after which T24 will log off automatically
▪ The maximum value allowed in this field is 999 i.e. equal to 10 minutes
Access Restriction

Attempts
▪ Specifies the number of unsuccessful Attempts to sign on allowed using the Sign on name of the User record, before the Password is Disabled
▪ User records Disabled in this way are shown in the Password exception list
▪ The maximum value allowed in this field is 9
Unsuccessful User Attempt

▪ Field ‘ATTEMPTS.SINCE’ -> Stores no. of unsuccessful Attempts to Sign on
▪ Error Appears as shown, when ATTEMPTS.SINCE is greater than ATTEMPTS
User Access

▪ Application ‘PASSWORD.RESET’ -> Reset the password
▪ Above Application restricted to Bank Administrator
User linking with Protocol file

SIGN.ON.OFF.LOG
▪ Specifies whether or not a record should be written to the Protocol file, recording every time this User Signs On/off
Note: Unsuccessful attempts to SIGN.ON are always logged, regardless of the value in this field
SECURITY.MGMT.L
▪ Specifies whether or not a record should be written to the Protocol file, every time this User accesses any of the Security Management Applications
User linking with Protocol file

APPLICATION.LOG
▪ Specifies whether or not records should be written to the Protocol file, recording every Application accessed by this User
FUNCTION.ID.LOG
▪ Specifies whether or not full details of every
• Application,
• Function and
• record ID accessed by this User should be recorded in the Protocol file
USER.SMS.GROUP

▪ Grouping of Users having same user rights
▪ Allows definition of restriction at Application & Function level
▪ Creation of Logical groups that can be attached to User profile
▪ Avoid repetition of related application in different User profiles
USER.SMS.GROUP

Define the required conditions for a particular user group
Grouping – Application Level

▪ User profiles can be grouped using ID of USER.SMS.GROUP
▪ Field ‘Application’ -> Attach group name prefixed with ‘@’ symbol
Grouping – Application Level

▪ Error appears as shown, preventing user from using the Application attached in USER.SMS.GROUP
Grouping – Field Level

Field level grouping of user profiles can be done using ID of USER.SMS.GROUP

Use fields:
▪ Field No
▪ Data Comparison
▪ Data from
▪ Data to
Grouping – Field Level

▪ Define Conditions, based on which the corresponding application is accessed by the respective user profile
▪ Fields -> Interlinked fields
Grouping – Field Level
Grouping – Field Level

Example,
▪ Any FT record created by this User can only have ‘AC’ as the Transaction Type
Grouping – Field Level

▪ Error appears as the User is not allowed to input Transaction type other than ‘AC’ in the FT version
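The company, application, function and field-level checks described in the slides above can be read as one default-deny decision. The following is an added Python model of that decision, not T24 code and not from the original deck; the operator names "EQ"/"RG", the group ID FT.AC.ONLY and the field name TRANSACTION.TYPE are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Condition:
    """Field-level rule: Field No, Data Comparison, Data from, Data to."""
    field_no: str
    comparison: str           # "EQ" / "RG": operator names assumed for this model
    data_from: object
    data_to: object = None

    def allows(self, record):
        value = record.get(self.field_no)
        if value is None:
            return False      # field missing from the record: deny
        if self.comparison == "EQ":
            return value == self.data_from
        if self.comparison == "RG":
            return self.data_from <= value <= self.data_to
        return False          # unknown operator: deny

@dataclass
class Rule:
    """Application + Function, held on a USER line or in a USER.SMS.GROUP."""
    application: str          # "ALL.PG", an application name, or "@<group id>"
    functions: str = ""       # function letters, e.g. "CIPS"
    conditions: list = field(default_factory=list)

def is_allowed(user_lines, groups, company, application, function, record=None):
    """Default deny: a line must match company, application, function, conditions."""
    for line_company, rule in user_lines:
        if line_company != company:
            continue
        rules = (groups.get(rule.application[1:], [])   # expand the attached group
                 if rule.application.startswith("@") else [rule])
        for r in rules:
            if r.application not in ("ALL.PG", application):
                continue
            if function in set(r.functions) and all(
                    c.allows(record or {}) for c in r.conditions):
                return True
    return False

# Constructed sample: the slide's user (ACCOUNT; Copy, Input, Print, See; GB0010001)
# plus a hypothetical group FT.AC.ONLY that limits FT input to transaction type 'AC'.
GROUPS = {"FT.AC.ONLY": [Rule("FUNDS.TRANSFER", "IS",
                              [Condition("TRANSACTION.TYPE", "EQ", "AC")])]}
USER_LINES = [("GB0010001", Rule("ACCOUNT", "CIPS")), ("GB0010001", Rule("@FT.AC.ONLY"))]
```

When reviewing real profiles, the lines worth the closest look are those this model would match most broadly: ALL.PG entries and groups with no field-level conditions.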
Grouping – Attribute Level

▪ Attach different attributes to different Users, based on the job specification
▪ User will be provided access to Menu provided using the field ‘Attribute’
Grouping – Attribute Level
Attributes

▪ COMMAND.LINE -> User is allowed to use command line
▪ EXPLORER -> Allows the user to use the Application explorers
▪ ENQUIRY.INDEX -> Allows access to the enquiry index, where the user is given access only to enquiries
Attributes

▪ REALTIMEENQUIRY -> Allows the use of real time enquiries for this user
▪ LOCK.PREFERENCES -> Prevents the user from gaining access to various Desktop settings including file locations and some system administrative functions
Attributes

▪ SUPER.USER -> Allows user access
• To all of the features
• For all future functionality with the exception of REALTIMEENQUIRY
▪ LOCK.DEACTIVATION -> To Disable "Deactivation profile" menu item on desktop menu Bar
Attributes

▪ LOCK.DESIGNERS -> To disable all Designer's menu items on Desktop menu bar.
▪ LOCK.MISC.ITEMS -> Prevents the user from gaining access to
• user toolbar
• list of enquiries and
• list of reports in desktop
Authorization Rights
Authorization

T24 generates two types of messages:


▪ Override message
• Messages that can be overridden by the User
▪ Error message
• Messages should be corrected before the transaction is committed
• Otherwise, the transaction would be aborted or could not be committed
Example of Override Message
Example of Error Message
Override
Override

▪ Warning messages pertaining to a transaction
▪ Prompted to the user before committing a transaction
▪ User -> Accept/Reject transaction with the warnings
▪ Accepting Override message will complete the transaction
Tables Involved

Three applications are linked with Override


▪ OVERRIDE.CLASS.DETAILS -> Define classification & condition
▪ OVERRIDE.CLASS -> Define Override message & ID of Override Class detail
▪ OVERRIDE -> Define Override message & Application name
OVERRIDE.CLASS.DETAILS

▪ Override message returns variable data elements
▪ Specify different Override Classes depending on the variable data element
▪ ID of OVERRIDE.CLASS.DETAILS -> attached to the Field ‘Override Detail’ of OVERRIDE.CLASS
OVERRIDE.CLASS.DETAILS

Define conditions for Override contract Authorization

Data Def
▪ Define order of the variable data element
Classification
▪ Define Classifications for Override Class
▪ Specifies the classification type for the override message
▪ Allow the user to define different levels of approval within each application, according to the nature of the override
OVERRIDE.CLASS.DETAILS

Data Def No.

▪ Define Field No.
▪ Field No. called based on application defined in Override Application
Comparison
▪ Define field level conditions
▪ It is an operator linking the Data Def in field 1 to the values for comparison in fields 5 & 6 (Data From & Data To)
OVERRIDE.CLASS.DETAILS
OVERRIDE.CLASS

▪ ID -> Application name e.g. FUNDS.TRANSFER
▪ Override text
• Allows the user to define specific classifications for the override messages of the ID application
• Should be the same as defined in Override application
▪ Define Record Id from OVERRIDE.CLASS.DETAILS in field ‘Override Detail’
OVERRIDE.CLASS
OVERRIDE

▪ Override Message can be :
• a simple text e.g. NO LINE ALLOCATED
• a variable text e.g. Unauthorized overdraft of USD 10000 on account 14613
• Where, the Currency, Amount and Account number are variable values
▪ Define valid data type e.g. CCY for Application defined in field ‘Application’
OVERRIDE
User Access

User Application -> Attach Override Classification name in field ‘Override Class’
User Access
Example

Input a contract in FT module, and approve the OVERRIDE in the contract


FT Contract
FT Contract - Authorization
Override - Approval

▪ ID of the final authorizer -> Appended to the Override Message pre-fixed with a *
▪ Authorize the record using the User attached with the Override ‘MNGR’
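The override approval chain described above (variable data elements, OVERRIDE.CLASS.DETAILS conditions, the ‘Override Class’ on the USER record) can be sketched as follows. This is an added Python model, not T24 code and not from the original deck; ‘MNGR’ and the overdraft message come from the slides, while the ‘SUPV’ class, the amount thresholds, the user IDs and the "RG" operator name are hypothetical, and refusing approval when no classification matches is a choice of this model.

```python
import re
from dataclasses import dataclass

# Variable text from the slide: currency, amount and account are data elements 1-3.
OVERDRAFT = re.compile(r"Unauthorized overdraft of ([A-Z]{3}) (\d+) on account (\d+)")

@dataclass
class ClassDetail:
    """One OVERRIDE.CLASS.DETAILS condition as modelled here."""
    data_def: int             # position of the variable data element (1-based)
    comparison: str           # "RG" = Data From..Data To; operator name assumed
    data_from: int
    data_to: int
    classification: str

def classify(message, details):
    """Return the classification of the first matching condition, else None."""
    match = OVERDRAFT.fullmatch(message)
    if not match:
        return None           # simple text or unknown message: no classification
    elements = match.groups()
    for d in details:
        raw = elements[d.data_def - 1]
        if (d.comparison == "RG" and raw.isdigit()
                and d.data_from <= int(raw) <= d.data_to):
            return d.classification
    return None

def approve(message, details, approver_id, approver_classes):
    """Append '*<approver id>' only if the approver holds the required class."""
    required = classify(message, details)
    if required is None or required not in approver_classes:
        raise PermissionError(f"{approver_id} may not approve; requires {required}")
    return f"{message}*{approver_id}"

# Constructed sample data ('SUPV', thresholds and user IDs are hypothetical).
DETAILS = [ClassDetail(2, "RG", 0, 5000, "SUPV"),
           ClassDetail(2, "RG", 5001, 10**9, "MNGR")]
MESSAGE = "Unauthorized overdraft of USD 10000 on account 14613"
```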
Sign-On Reset

Arises when:
▪ User closes their PC without closing T24
▪ Hardware or system failure occurs
Types Of Sign Off

▪ User Initiated
▪ Inactive Session
▪ Hardware Failure
Password Reset

▪ Arises when User has forgotten the password
▪ Security Administrator can use PASSWORD.RESET to clear the old password
Sign-On De-activation/ Password Reactivation

▪ User profile can be deactivated and reactivated
▪ Use -> Tools Menu -> My Profile -> Deactivate Profile
▪ Enter Deactivation Date & Reactivation Date
Sign-On De-activation/Password Reactivation
Summary

Set up of security management system in T24

▪ Security at various levels including user, application, field and function levels – USER application
▪ Process level approval – OVERRIDE application
www.capgemini.com/financialservices
