User Privileges and Group-Based Access Control
The ODS implementation of user privileges and access restrictions is based on the role-based access control (RBAC) model. In this model, permissions are assigned to groups or roles that are created for various job functions, and a user gains permissions to perform particular system functions through the groups to which the user is assigned. A user who is assigned to multiple groups has access to the combined set of resources authorized for those groups.
For example, users who are assigned to the CSR group (or role) may not be able to perform activities such as issuing a policy or paying a death benefit. By contrast, a user in an Underwriter group should be able to issue a policy. A user in an administrator group is usually allowed access to all resources.
The following figure shows what application resources are protected by ODS security.
Fig: Hierarchy of User Authorizations
By default, a newly created user account has no authorizations to access any of the application's restricted resources. Authorizations have to be explicitly granted by an OIPA security administrator. When setting up user groups, an administrator needs to be careful to include only the minimum set of permissions that allows users of a particular group to perform their job functions.
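The following added example models the behavior described above: default deny for a new account, the union of permissions across groups, and a least-privilege review of group grants. It is a conceptual sketch and not OIPA or ODS code; every group, user and permission name in it is a constructed assumption.

```python
# Conceptual model of the behaviour described above. Group, user and
# permission names are constructed; this is not OIPA/ODS code or its schema.
GROUP_GRANTS = {
    "CSR": {"view_policy", "update_address", "issue_policy"},  # one grant too many
    "Underwriter": {"view_policy", "issue_policy"},
    "Claims": {"view_policy", "pay_death_benefit"},
}
# Minimum permissions each job function needs (constructed baseline).
JOB_BASELINE = {
    "CSR": {"view_policy", "update_address"},
    "Underwriter": {"view_policy", "issue_policy"},
    "Claims": {"view_policy", "pay_death_benefit"},
}
USER_GROUPS = {
    "new_hire": set(),                 # freshly created account, no groups yet
    "alice": {"Underwriter"},
    "bob": {"Underwriter", "Claims"},  # member of two groups
}

def effective_permissions(user, user_groups=USER_GROUPS, grants=GROUP_GRANTS):
    """Union of the grants of every group the user belongs to."""
    perms = set()
    for group in user_groups.get(user, set()):
        perms |= grants.get(group, set())
    return perms

def is_authorized(user, permission):
    """Default deny: access requires an explicit grant through some group."""
    return permission in effective_permissions(user)

def excess_grants(grants=GROUP_GRANTS, baseline=JOB_BASELINE):
    """Least-privilege review: grants beyond what each job function needs."""
    report = {}
    for group, perms in grants.items():
        extra = perms - baseline.get(group, set())
        if extra:
            report[group] = sorted(extra)
    return report

def grant_sources(user, user_groups=USER_GROUPS, grants=GROUP_GRANTS):
    """Map each permission a user holds to the groups that supply it."""
    sources = {}
    for group in sorted(user_groups.get(user, set())):
        for perm in grants.get(group, set()):
            sources.setdefault(perm, []).append(group)
    return sources

if __name__ == "__main__":
    print(excess_grants())       # groups granted more than their baseline
    print(grant_sources("bob"))  # which membership supplies each permission
```

The `grant_sources` output is useful when reviewing users with several group memberships, because it shows which membership would have to be removed to revoke a given permission.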
For more information on how to create security groups and manage user accounts, please refer to the Rules Palette Help.