Day 2 - Session 1-3 - SMS

Security Management System
Day 2 – Session 1 - 3
Security Management System
Dates
22/02/2011 Tech Support Program
Venue
Microcred, Senagal
SMS in T24
2 Thesys Training Centre

SMS in T24
 SMS in T24 can restrict access to T24 applications only

 Access to network , OS and jBase cannot be controlled
• Ex : Changing record from backend, ftp access

User Creation
Why User?
 For every user who is allowed to use T24, a user record

should be created
 This USER record provides the user information, access
details and log details
 Users can be classified as
• Internal – Bank Employees
• External – IB users

User Creation
 Enter USER, I <User-name>

 Enter the mandatory fields
 Commit the record

USER PROFILE

USER PROFILE

USER PROFILE
 SIGN ON NAME
• Name entered by the user to access T24 system
• Must be different from USER ID
• Must be unique
 CLASSIFICATION
• Identifies whether the user is an employee of the bank or
• Customer of the bank
– INT - Bank employee
– EXT - Customer

USER PROFILE
 COMPANY CODE
• Specifies the company codes for which the user has got access
 PASSSWORD VALIDITY
• Specifies the Frequency and Date of password change
• Frequency setup is done based on the bank policy
• System will recycle the date automatically

USER PROFILE
 START DATE PROFILE

• Specifies the date from which the user can access T24
• This date should not be lesser than today
 END DATE PROFILE

• Specifies the date till which the user can access T24
– Ex : For external consultants system access can be granted for 3
months

USER PROFILE
 START TIME
• Specifies the time from which the user can access T24 system
• It is possible to specify more than one period for a day
• If 1 or 2 digit value is entered, then system will take it as minutes
from midnight
 END TIME
• Specifies the time till which the user can access T24 system

USER PROFILE
 Time Out Minutes

• Allows the user session to logoff automatically after the specified time.
• The maximum value allowed in this field is 999
• This verifies TIMEOUT MODE field of SPF
– TIMEOUT MODE = ACTIVE
» Automatically sign off the user after specified time
» This rule will not be applied if the transaction is in Input/authorization phase
– TIMEOUT MODE = PASSIVE or NULL

» Automatically sign off the user after specified time
» There is no distinction between authorization and other phase

USER PROFILE
 ATTEMPTS
• Number of unsuccessful attempts allowed during login
• After this count user profile will get disabled automatically
• Disabled user profiles can be identified by using the mainline
routine PASSWORD.EXCEPTION
 INIT APPLICATION
• Applicationor Menu to be executed whenever the user logs on
to the system
• Menu should be prefixed with “ ? “

USER PROFILE
 CUSTOMER
• Customer financial information that can be accessed by the
External user
• Mandatory for External User
• This field is enabled only for external users
 ACCOUNT
• External user cannot access Account information If it is not
given in this field
• Cannot be entered unless CUSTOMER is entered

USER PROFILE
 ATTEMPTS SINCE
• Number of unsuccessful attempt is updated
• If
this count is greater than the number in ATTEMPTS,
password will get disabled

USER LOGS
 SIGN ON OFF LOG

• Specifies whether a log should be written to PROTOCOL file or not
every time the user Signs on or off
• Unsuccessful attempt is always logged in irrespective of this field
value
 SECURITY MGMT LOG
• Specifies whether a log should be written to PROTOCOL every
time when the user tries to access Security management
applications
– Ex : USER , PASSWORD.RESET etc

USER LOGS
 APPLICATION LOG
• Specifies
whether a log should be written to PROTOCOL every
time when the user tries to access any T24 application
 FUNCTION ID LOG
• Specifies
whether or not full details of every Application,
Function and record ID accessed by this User should be
recorded in the PROTOCOL file

USER PROFILE
 CLEAR SCREEN
• Ifset to Yes, it clears the screen whenever the user finishes
processing
• If set to No, screen will remain in the same page after
transaction processing
 PRINTER FOR RPTS
• Printer to be used for printing the reports
• Should be a valid printer or &HOLD&

USER PROFILE
 PRINTER FOR P FUNC

• Printer to be used when P function is used to print the reports
 AMOUNT FORMAT
• Specifies the separators to be used for formatting amounts
• It is a two character pair
• First is the amount separator , second is the decimal separator
– Ex : ,.

USER PROFILE
 ATTRIBUTES
• COMMAND.LINE - User is allowed to use command line
• EXPLORER - Allows the user to use the Application explorers
• ENQUIRY.INDEX - Allows access to the enquiry index, where
the user is given access only to enquiries
• REALTIMEENQUIRY - Allows the use of real time enquiries for
this user
• LOCK.PREFERENCES - Prevents the user from gaining access
to various Desktop settings including file locations and some
system administrative functions

USER PROFILE
• SUPER.USER - Allows user access

– To all of the features
– For all future functionality with the exception of
REALTIMEENQUIRY
• LOCK.DEACTIVATION - To Disable "Deactivation profile" menu
item on desktop menu Bar
• LOCK.DESIGNERS - To disable all Designer's menu items on
Desktop menu bar
• LOCK.MISC.ITEMS - Prevents the user from gaining access to
– user toolbar , list of enquiries and list of reports in desktop

USER PROFILE
 OTH BOOK ACCESS

• The branches or books that the user can access
• COMPANY.SMS.GROUP key can also be given
 OTH BOOK BLOCK

• The branches or books that the user should not access
• COMPANY.SMS.GROUP key can also be given

USER PROFILE
 ALLOWED DAYS
• Specifies the days for which the period for user access is given
• Period is given in START TIME and END TIME fields
• The values allowed are 1 to 7
• * for all days
 START TIME
• Start period of the day from which the user is allowed to access T24
system
 END TIME
• End period of the day till which the user is allowed to access T24
system

Access Restriction
Restriction Level
 User Access can be restricted to
• Specific Company Specific Printer

• Specific Application Temporary Access
• Specific Version Specific Function
• Specific Data Specific Account
• Specific Customer Specific Time

User Profile Access
 Based on the business profile of a user,

• Provide access to relevant company, application, version and
function
 Helps in maintaining the confidentiality of the information
available in the system
 Access can be restricted to Individual user or Group of users

Access Restriction
 Company Restr
• Specifies the company to which the user is allowed to use the
application, version and function attached in the related field
• ALL – To allow access all companied in COMPANY CODE field

USER PROFILE
 APPLICATION
• Valid T24 application allowed for the given company
• ALL.PG – Allowed for all applications and programs
• ALL.PG.H – Only ‘H’ type files can be accessed
• SMS ID is prefixed with @ symbol

USER PROFILE
 VERSION
• Name of the version preceded by ,
•? and * can be used as wild card characters
•* - For any number of characters
•? – For single character

USER PROFILE
 FUNCTION
• Specifies the allowed functions
• ALL – Will automatically update all the functions except ‘Q’
•N – No function allowed

USER PROFILE
 Define Conditions, based on which the corresponding

application is accessed
 FIELD NO
• Field on which condition has to be applied
• Direct field number can be given
• APPLICATION NAME > FIELD NAME can be entered
 DATA COMPARISON
• Comparison operator
– Ex : EQ, GE , LT, NE, UL

PASSWORD Conditions
SPF
 PWD REPETITION
 Number of different passwords a user can use before
repeating the first password

SPF
 PASS MIN LENGTH

• Minimum length of T24 user password
• Default minimum length is 6
 PASS UPPER ALPHA
• Numberof upper case alphabets must be entered in the
password
 PASS LOWER ALPHA
• Number of lower case alphabets must be entered in the
password

SPF
 PASS NUMERIC
• Number of numeric characters must be entered in the password
 PASS OTHER
• Ay character that must be part of the password
• Ex : $

PASSWORD RESET
 PASSWORD.RESET is an application that allows the user

• To reset the password
• To reset the number of failed attempts
• To enable the user profile
 ID of this application can be

• Any alphabets or numeric

PASSWORD RESET
 USER PW ATTEMPT
• Value should be valid USER ID
• This will reset the password and number of attempts
 USER ATTEMPT
• Value should be valid USER id
• This will reset the number of login attempts
• Count will start from 0 again

PASSWORD RESET
 USER DEACT PERD

• ID
of the user whose profile has to enabled before completion of
deactivation period
 USER RESET
• ID of the user whose password to be reset to specific password
• Password should be specified in USER PWD field
 USER PASSWORD
• Value specified in this field will get cleared on commit
• The encrypted password is stored in USER PWD field

USER SMS GROUP
USER.SMS.GROUP
 Grouping of Users having same user rights

 Allows definition of restriction at Application & Function level
 Creation of Logical groups that can be attached to User
profile
 Avoid repetition of related application in different User
profiles

USER SMS GROUP

USER SMS GROUP
 Temporary access can be provided to the user

 TEMP FUNCTION
• Functions
allowed for the user for temporary period specified in
START DATE and END DATE fields
 START DATE
• Thedate from which the user may access the additional
functions
 END DATE
• The date till which the user may access the additional functions

USER SMS GROUP
 This SMS group can be attached to the user profile by

prefixing it with @

Authorization Rights
Authorization
 T24 generates two types of messages:

• Override message
– Messages that can be overridden by the User
• Error message
– Messages should be corrected before the transaction is committed
– Otherwise, the transaction would be aborted or could not be
committed

Example of Error Message

Example of Override Message

Override
Override
 Warning messages pertaining to a transaction

 Prompted to the user before committing a transaction
 User can Accept/Reject transaction with the warnings
 Accepting Override message will complete the transaction

Tables Involved
 Three applications are linked with Override

• OVERRIDE
– Define Override message & Application name

• OVERRIDE.CLASS
– Define Override message & ID of Override Class detail

• OVERRIDE.CLASS.DETAILS
– Define classification & condition

OVERRIDE
 Override Message can be :

•A simple text
– Ex : NO LINE ALLOCATED
•A variable text
– Ex : Unauthorized overdraft of USD 10000 on account 14613
– Where, the Currency, Amount and Account number are variable
values
 Define valid data type

• Ex : CCY

OVERRIDE

OVERRIDE.CLASS.DETAILS
 Override message returns variable data elements

 Specify different Override Classes depending on the variable
data element
 ID of OVERRIDE.CLASS.DETAILS is attached to the Field
‘Override Detail’ of OVERRIDE.CLASS

 Define conditions for Override contract Authorization

 Data Def
• Define order of the variable data element
 Classification
• Define Classifications for Override Class
• Specifies the classification type for the override message
• Allowthe user to define different levels of approval within each
application, according to the nature of the override

 Data Def No.

• Define Field No.
• FieldNo. called based on application defined in Override
Application
 Comparison
• Define field level conditions
• Itis an operator linking the Data Def in field 1 to the values for
comparison in fields 5 & 6 (Data From & Data To)


OVERRIDE.CLASS
 ID - Application name
• Ex : FUNDS.TRANSFER
 Override text
• Allows
the user to define specific classifications for the override
messages of the ID application
• Should be the same as defined in Override application
 Define Record Id from OVERRIDE.CLASS.DETAILS in field
‘Override Detail’

OVERRIDE.CLASS

User Access
 Attach Override Classification name in field ‘Override Class’

Example
 Input a contract in FT module, and approve the OVERRIDE

in the contract

Example

Example

Example

Example

Features
Sign-On Reset
 T24 session remains in the server when:

• User closes their PC without closing T24
• Hardware or system failure occurs

Types Of Sign Off
 User Initiated
 Inactive Session
 Hardware Failure

Sign-On De-activation/ Password
Reactivation
 User profile can be deactivated and reactivated
 Use -> Tools Menu -> My Profile -> Deactivate Profile
 Enter Deactivation Date & Reactivation Date

Sign-On De-activation/Password
Reactivation

Summary
 Set up of security management system in T24

• Security at various levels including user, application, field and
function levels – USER application
• Process level approval – OVERRIDE application

All product names and other company names used herein are for identification purposes only and
may be trademarks or registered trademarks of their respective owners. Errors and omissions excepted,
all specifications are subject to change without notice.
© 2009 Thesys Technologies Incorporated. All rights reserved.
FOR MORE INFORMATION

Visit : www.thesys.co.in
email : marketing@thesys.co.in

Day 2 - Session 1-3 - SMS

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Day 2 - Session 1-3 - SMS

Uploaded by

Copyright:

Available Formats

Security Management System

2 Thesys Training Centre

 SMS in T24 can restrict access to T24 applications only

3 Thesys Training Centre

 For every user who is allowed to use T24, a user record

5 Thesys Training Centre

 Enter USER, I <User-name>

6 Thesys Training Centre

7 Thesys Training Centre

8 Thesys Training Centre

9 Thesys Training Centre

10 Thesys Training Centre

 START DATE PROFILE

 END DATE PROFILE

11 Thesys Training Centre

12 Thesys Training Centre

 Time Out Minutes

– TIMEOUT MODE = PASSIVE or NULL

13 Thesys Training Centre

14 Thesys Training Centre

15 Thesys Training Centre

16 Thesys Training Centre

 SIGN ON OFF LOG

17 Thesys Training Centre

18 Thesys Training Centre

19 Thesys Training Centre

 PRINTER FOR P FUNC

20 Thesys Training Centre

21 Thesys Training Centre

• SUPER.USER - Allows user access

22 Thesys Training Centre

 OTH BOOK ACCESS

 OTH BOOK BLOCK

23 Thesys Training Centre

24 Thesys Training Centre

 User Access can be restricted to

• Specific Company Specific Printer

26 Thesys Training Centre

 Based on the business profile of a user,

27 Thesys Training Centre

28 Thesys Training Centre

29 Thesys Training Centre

30 Thesys Training Centre

31 Thesys Training Centre

 Define Conditions, based on which the corresponding

32 Thesys Training Centre

34 Thesys Training Centre

 PASS MIN LENGTH

35 Thesys Training Centre

36 Thesys Training Centre

 PASSWORD.RESET is an application that allows the user

 ID of this application can be

37 Thesys Training Centre

38 Thesys Training Centre

 USER DEACT PERD

39 Thesys Training Centre

 Grouping of Users having same user rights

41 Thesys Training Centre

42 Thesys Training Centre

 Temporary access can be provided to the user

43 Thesys Training Centre

 This SMS group can be attached to the user profile by

44 Thesys Training Centre