Security at Product Level
A Product is defined in Group as a Group Benefits Plan Template which provides the basis for a Group Customer’s Plan instance and/or serves to group similar Group Benefits Plan Templates (referred to as “Sub-Products”). When Plans are created they will belong to either a Product or Sub-Product. Plans can be created through Group Customer screens or through Palette.
For group policy administration, user has the ability to create plan dynamically using OIPA application. That means user can create plan without using palette and avoids the need of migrating the changes in production environment. But this ability gets defeated as there is no way to give plan level security dynamically. System has the ability to define plan level security at parent product level and all plans should automatically inherit it. This feature will address this need and allow user to create /use plan dynamically without involving any changes to palette. It will also avoid the need for frequent migration of security data from development environment to production environment.
Security ConsiderationWhen a Plan is created through OIPA, plans would receive a copy of parent Product security as default. All levels of security at company and plans as defined in palette , all security levels defined at the immediate parent and all transaction security available to the plan will be copied.
Any Change in permissions for a Plan from this default would need to be made through Palette for that plan
For the copied permissions for the plans created through OIPA to take effect, logout/login back to OIPA is permissible although not preferable
If created in Palette; the security is set up through Plan Security Node in Admin Explorer. When Created through OIPA, at present user is forced to set up security via palette to access the plan pages in OIPA. The palette changes and security changes defined in this document will allow user to set up security at Product level or sub product level which a plan can use as default. For Plans created in OIPA, this would allow user to access plan Pages without the need to set up security permissions via palette.
Setting up Plan Pages security at Product Level or Child Product Level in PaletteTo set up Product level Security, user would need to navigate to the Admin Explorer in Palette
User opens Security | Application Security | Security Group | Name of the Security Group |Plan Security
Expanding Plan Security Node currently lists all companies and subsidiary Companies in OIPA at the same level
Under each subsidiary company, all products available under it will be displayed
Expanding a Product name will display the following :
1. Product Name Node
2. Plan Pages Folder
3. Plan Folder ( Contains individual plan nodes for all plans available under this Product)
4. hierarchically display Child Product Nodes if any
![]()
Security can be set up at Product level for the plan pages. Plans under the product will not inherit this security automatically .Any changes to the Plan pages security at product level would NOT propagate downstream. But any plan created in OIPA under the product will copy this security set up as default .
For any Child Products under the Product hierarchy. Plans under the child product will not inherit child product security automatically .Any changes to the Plan pages security at Child product level would NOT propagate downstream . But any plan created in OIPA under the child product will copy this security at set up as default .
When a Product or Child Product or Plans are created in Palette, there will not be any default security. User would need to go to Admin Explorer and set up the security permissions for plan pages explicitly at any level
Provide right click menu options at each parent or child Product name nodes that will allow user provision to Grant Access to all plan pages or Remove access to all plan pages. User can also individually set security by opening plan pages folder and navigating to each plan page security node
Additional to above two right click menu options, provide option at Child Product/s and plan levels on right click to "Copy Parent Access". This will allow option for user to copy a parents security permissions to a child instead of creating from scratch. User can then edit those permissions or keep it as is for that level. Please note that this option to copy parent access is available only if security permissions are available at immediate parent. If security is not set up at immediate parent , do not show this option on right click.
Wherever copy parent access option is allowed and user selects it , give a message which user would confirm with OK as: "Existing security will be overwritten if this operation is completed.
Before a plan security is set up , it is not required to set up Product and Child Product security in the hierarchical structure, but it is up to the configure to take care of the fact that if a plan is created dynamically in OIPA, there needs to be security permissions available at the immediate parent for plans to be accessible for the users without setting up permissions in palette for those plans
While checking in security permissions at product and Child product level in Palette, give the following warning message when there are children in lower hierarchy (plans or child products) available : "The security permissions will not be automatically copied down to products or plans in lower hierarchy"
All Plan level security set up functionality available today will not change and will continue to be available as is.
Setting up Transaction Security in Palette at Product/ Child product LevelsAfter Company, Product and /or Plan security have been defined, the transactions associated with the company, Product and plans are displayed under the Transaction Security folder in Admin Explorer
Currently all companies and subsidiary companies will be displayed under the transaction security node at the same level like in plan security
Under each subsidiary company , all product name nodes will appear
Opening the individual products will display Transactions Folder that would list all transactions under the product , Plans Folder ,Child Products Folder in that specific order. Within Plan Folder, all Plans under the Product will be displayed . Opening the node for the plans will display all plan transactions
Within the child product folder all Child product names available will be displayed. Under each Child Products, the hierarchical display of folders will be similar to Product, as shown in below image
Security can be added or removed to all transactions in a product by right-clicking on the product name node. Security can also be assigned to individual transactions by opening the Product folder and then the transactions folder and then selecting specific transaction.
Security can be added or removed to all transactions in a child product/s by right-clicking on the child product's name. Security can also be assigned to individual transactions by opening the child Product folder and selecting a specific transaction. Plans under the child product will be displayed under child product hierarchically
Opening up plan folder will list all plans under the Product or child product/s. Security can be set up for Plan transactions as it is currentlyWhen a transaction is created at Product level , those transaction nodes will be added to downstream child products and Plans in Palette currently. When transactions are created at child product level, those transaction nodes are also added to Plans underneath. In palette transaction security , allow option at Child Product and Plans below to copy parent transaction security permissions access on right click. This option will be available only if security permission setting are available for those transactions at immediate parent level. The right click menu option will be "Copy Parent Access ". When user selects this option , give a warning as : "Existing security will be overwritten if this operation is completed. Do you wish to continue?"
While checking in security permissions at product and Child product level transactions in Palette, give the following warning message when there are children in lower hierarchy (plans or child products) available : "The security permissions will not be automatically copied down to products or plans transactions in lower hierarchy"
Configuration Detail :This feature has not introduced any new configuration or changes to existing configuration, but plan pages under product and transactions currently within the product hierarchy would need security manually added.