Entitlements Flashcards

1
Q

What are entitlements?

A

Entitlements define what a user is allowed to do using a specific system

2
Q

What types of entitlements are there?

A

Access Control - Governs and enforces the data a user has access to, the business functions he or she can perform on that data and the additional constraints that apply when performing business functions.

Limits - Manage additional constraints on top of the permissions granted using Access Control. This allows banks and their customers to define financial constraints on different levels, ranging from transaction limits on one-off payment orders to daily limits on an individual user.

Approvals - Approvals work in conjunction with any process to require approval from one or more users before proceeding with the process.

3
Q

What is a legal entity?

A

Any person or non-person entity that is involved in a transaction or an arrangement with the bank. Both the bank and its customers are legal entities.

A legal entity has one or more users that act on its behalf.

It is the owner of users, arrangements and other legal entities.

4
Q

Describe the hierarchy of a legal entity

A

There is always a root level, usually a bank. The root can have several bank branches as children. The bank branches can have customers or businesses or departments as children.

5
Q

What is a user?

A

A person that interacts with the Bank using our Banking Applications on behalf of themselves or the legal entity they are representing.

For retail customers the relationship is usually one-to-one, legal user to legal entity.

For corporate customers it can be one legal entity to many users.

6
Q

What is a product?

A

The financial instruments that a bank can sell, e.g. credit card, debit card, current account.

7
Q

What is an arrangement?

A

When a product is sold to a customer, it becomes an arrangement. Another way to think about it: an arrangement is an instance of a product associated with a customer.

8
Q

What is an account group (data group)?

A

A grouping mechanism for a set of arrangements. They can be combined with job roles to assign permissions to users. You always assign the permissions to the group, not the arrangement!

They are unique in the scope of a service agreement

9
Q

What is a business function?

A

A logical function that represents a method on the backend.

E.g. manage.user.profiles, manage.notifications

10
Q

What is a privilege?

A
What can be assigned to a business function. 
Execute
View
Create
Edit
Delete
Approve
Cancel
11
Q

What are applicable function privileges?

A

Applicable function privileges define the privileges that are available for a specific business function.

12
Q

What is a job role?

A

A combination of business functions.
Defines what a user can do.
Job roles can be constrained by limits.
Job roles are assigned to users, optionally combined with product groups.

For example, job roles for contact management do not need to be associated with an arrangement. However, job roles associated with transaction functionality would need to be associated with an arrangement/product group.

Limits can be assigned to job roles, e.g. you can only execute $50k in SEPA payments per month.

THIS IS CALLED FUNCTION GROUP IN THE DATABASE

13
Q

What is a service agreement?

A

A contract that includes one or more legal entities. A service agreement is created every time a legal entity is created.

A legal entity that is associated with a service agreement can share users and/or arrangements. Each service agreement defines the access given to these users across one or more legal entities.

It is a way to give third party users specific access to your arrangements

Hookup for permissions and access to arrangements across multiple legal entities via permissions and data groups

14
Q

How are permissions assigned?

A

Assigning permissions is essentially assigning a join of a service agreement, an account group (set of arrangements) and a job role (set of function privileges).

15
Q

What is context?

A

The context of the service agreement.

A user may belong to multiple service agreements. In order to correctly enforce permissions, a user must log in in the context of a service agreement. In the UI, this basically means the user needs to select their service agreement from a dropdown at login.

16
Q

What is the role of an admin?

A

An admin is someone who can assign permissions within a service agreement and that service agreement's child service agreements.

17
Q

What are the 5 steps for securing a service with entitlements?

A
  1. Insert the new business function into the table ‘business_function’
  2. Insert the applicable business privilege into ‘applicable_function_privliege’ - to say which permissions exist
  3. Insert assignable_permission_set to say which permissions can be assigned.
  4. Create a job role/function group via an API call
  5. Assign the function group to the bank user via the API (HTTP PUT)
    You don’t need to include a data group with this request if it is not acting on a resource like an account