Right Management up to Version 3.6
Since many versions in CashPooler (which became part of CashSolutions), given the large scope of the tasks to be performed in the product and the need to limit the privileges for each type of user, user rights management per unit (or per user group) has become essential.
The basic rights are the followinf:
- action rights (view, enter, delete, sign…)
- rights to entities, or perimeter (which can be used at the entity level – issuers – and also categories of third parties, interfaces, filters, etc., according to needs)
- navigation rights, or profiles (which reduce the number of accessible menus for a user population)
- confidentiality rights (the level of confidentiality makes it possible to hide or not certain data in the application, for example salary payments)
- “administrator” or “validator” rights to manage users and workflows in the application
So far in CashSolutions, share rights are managed by table. For example, a user may have:
- the right to enter payments on the SEPA Credit Transfers table
- the right to validate batches (send for signature) on the SEPA Credit Transfers table
- the right to sign on the Non-SEPA Credit Transfers table
These rights are applied depending on the scope within which he may work (the “Entity Rights”). Thus, if our user has the right to enter payments on the SEPA Credit Transfers table, and if his scope is limited to the ENT_SEPA entity, he can only enter payments with this issuer.
Actions rights (such as scope) can be allocated individually or collectively, via group settings.
This model of crossing rights and perimeter has proven its worth with our clients. However, up to version 3.6, if a user wanted to be assigned more specific rights on particular entities (e.g. payment entry right on the SEPA Credit Transfers table for ENT_SEPA_1 and batch validation right on the SEPA Credit Transfers table for ENT_SEPA_2 without entry right), this was not possible. However, aware of the realities of the business, the diversity of configurations and the impossibility of applying specific action rights to a perimeter of entities, DataLog Finance will now propose a 3D matrix.
Evolution and appearance of a 3rd dimension
In the new version, action and entity rights have been relooked to further modulate the user framework, in the manner of a Venn diagram. It is no longer a question of applying share rights to a perimeter, but of linking an action and one or more perimeters.
This “3D matrix”, available with Treasury Line, allows a user’s rights to be defined in relation to different perimeters, for example.
Thus, in the future, a user may have:
- the right to enter payments on the SEPA Credit Transfers table for ENT_SEPA_1 only
- the right to validate batches on the SEPA Credit Transfers table for ENT_SEPA_2 only
- the right to sign batches on the SEPA Credit Transfers table for ENT_SEPA_3 only
This matrix thus makes it possible not only to define a more precise perimeter, but also to reflect the multiplicity of possible roles in important structures, where the organization is not fixed.
In addition, the groups of action rights are now replaced by “roles”. Previously, a user could only belong to a rights group. In the upcoming version, a user can have multiple roles, linked to different entities.
Offering multiple possibilities, the “3D matrix” does not call into question the functioning of the previous versions of our solutions. It is entirely possible to maintain the current use of rights and to use this new possibility only in special cases.
With the 3D matrix, new opportunities are now available to Treasury Line users.