Access Rights
Uploaded by abdullah-imaduddin
Day 6: KPEI Technical Training
2007
Day 05 - Access Rights
3 - Presentation title - dd-Mmm-yyyy - Capco confidential
Objectives
Understand Access Rights and how they work
Understand how development is planned
Understand what needs to be modified
Exercise: Implementing Access Rights for instructions
What are Access Rights?
An Access Right is the ability to perform a certain function within the system. This right allows the user access to functionality within the e-Clears System.
Structure
[Diagram: Instructions, Access Right, Group, User]
Structure
Many-to-many relationship
An Access Right may have one or many Instructions.
e.g. the Right to do a 6-eye creation of Security Transfer contains the 6-eye create, short inquiry, and detail inquiry instructions.
An Instruction may be linked to one or many Access Rights.
e.g. the short inquiry instruction may be used by the create, check, and approve Access Rights
An Access Right may be assigned to one or many Groups.
e.g. the Right to view a balance position can be granted to all groups within a member.
Structure
A Group can have one or many Access Rights.
e.g. Rights to do a 6-eye, 4-eye and 2-eye creation of Security Transfer
A Group can have one or many Users.
A User can belong to one or many Groups.
How are Access Rights Used?
The Administrator of a Member type is able to create groups.
A Member Administrator is able to grant access rights to its groups.
Each group can have its own set of access rights.
The users of each group thus have access to the system depending on the rights assigned to each group.
Characteristics of Access Rights
Access Rights for a Member are pre-defined during development.
When the KPEI Administrator creates a Member, the pre-defined rights are granted to the Member.
It is up to the Member Administrator to create groups and users.
Access Rights Technical Architecture
[Diagram: Access Rights technical architecture]
Components: KSEI COBASS, KPEI COBASS, KSEI Webserver, KPEI Webserver, Static Data replication
KSEI local tables (Rights, groups, users ...)
KPEI local tables (Rights, groups, users ...)
Workstations (WS): KSEI WS, KPEI WS, Clearing member WS, Non clearing member WS, Registrar WS, Stock exchange WS
Function lists shown in the diagram:
KPEI instructions, Inquiries, Reports, User/group mngt, View Static data, KPEI business rules, Fees & invoices, Create participant administrator at KPEI
KSEI instructions, Inquiries, Reports, User/group mngt, Static data mngt, KSEI business rules, Fees & invoices, Create participant/reg. & KPEI administrators at KSEI
Confirmations, User/group mngt, Reports
User/group mngt
Security & Book transfers (from deposit accounts), Inquiries
What You Need to Modify
Cobass-web
Database
Application Server Classes (java)
Development Plan
[Diagram: Instruction planning (Core Instructions, Sub-instructions); Instruction Authorization Matrix (Table number, Column number, Row number); Cobass-web; Database; Application Server Classes]
Development Plan
Instruction planning: core instructions needed, sub-instructions
Instruction Authorization Matrix: table numbers, columns, rows
Development Plan
Cobass-web: StaticTable.ini, menu.jsp, configuration.xml
Database: MESSAGE_CODES, RIGHTS, MESSAGE_TYPES, MESSAGE_TYPES_RIGHTS
Application Server Classes: adding of default rights
Development Plan – Instruction Planning
Core Instructions Needed
example: DVP__INSTR (Delivery versus Payment)
Sub Instructions
DVP__ENQSH, DVP__ENQDT, DVP__CREAT, DVP__CRDCH, DVP__CRDAP, DVP__CHECK, DVP__APPRO, DVP__REJCT, DVP__CACRE, …
Development Plan – Instruction Planning
Group the sub-instructions of a core instruction and assign them an Authorization Message Code.
This Authorization Message Code must be unique.
Core Instruction: DVP__INSTR
Sub-instructions: DVP__CREAT, DVP__CRDCH, DVP__CHECK, …
Authorization Message Code: 02004300
Development Plan – Instruction Planning
What is the Authorization Message Code?
The Authorization Message Code is used to create an access right link in Cobass-web.
It is also used to link the Member to the instruction.
Code excerpt from Wscmptab.ini
[TABLES]
T011=Clearing & settlement;02004300;0
T011: Table 11
Clearing & Settlement: Title of link for rights
02004300: Authorization Message
0: For subscription. Not used. (Always use 0)
Development Plan – Instruction Planning
Screen shot of access right link
Development Plan – Instruction Planning
Assign external IDs to the sub-instructions
Core Instruction: DVP__INSTR (02004300)
Sub-instructions and their external IDs:
DVP__CREAT 04001053
DVP__CRDCH 04001054
DVP__CRDAP 04001055
…
Development Plan – Instruction Planning
What are External IDs?
External IDs are unique numbers used to identify a sub-instruction.
These IDs are stored in the database and are used as part of Rights control.
External IDs are specified in menu.jsp and configuration.xml.
What are Internal IDs?
Internal IDs are also unique identifiers used to identify a sub-instruction.
They are generally used to denote the type of sub-instruction and can be part of the data that is passed from Cobass-web to the back-end for processing.
Development Plan – Instruction Planning
Excerpt from configuration.xml
<Message externalID="04001053" internalID="DVP__CREAT" structure="WSDvpRvpDetailedIncoming" collaborator="WorkstationCollaborator" incomingMapper="WSDvpRvpDetailedIncomingMapperStrategy" errorMapper="WSErrorMapperStrategy"/>
Instruction Authorization Matrix
Access Rights to instructions are arranged with the use of Rows and Columns.
These Rows and Columns specify what functionalities a core instruction has. For example, in ‘Delivery vs payment’, the user has access to ‘Create’, ‘Check’, ‘Approve’, ‘Direct Check’, and ‘Direct Approve’ functions.
Instruction Authorization Matrix
How the Rows and Columns are mapped
Instruction type: DVP (Row 1)
Action (column): external IDs
Create (Column 1): 04001051, 04001052, 04001053, 04001059
Check (Column 2): 04001051, 04001052, 04001056, 04001058, 04001062, 04001064
Approve (Column 3): 04001051, 04001052, 04001057, 04001058, 04001063, 04001064
Direct check (Column 4): 04001051, 04001052, 04001054, 04001056, 04001058, 04001060, 04001062, 04001064
Direct approval (Column 5): 04001051, 04001052, 04001055, 04001057, 04001058, 04001061, 04001063, 04001064
Instruction Authorization Matrix
Each sub-instruction has the following attributes:
Row number
Column number
Table number
The row and column numbers specify the types of sub-instructions that are applicable to a particular function.
Instruction Authorization Matrix
For example if we grant ‘Create’ privileges to a user for ‘Delivery vs payment’:
Instruction Authorization Matrix
The sub-instructions that are associated with ‘Delivery vs payment’ ‘Create’ (instruction type DVP, Row 1; action Create, Column 1) are as follows:
04001051 (DVP__ENQSH)
04001052 (DVP__ENQDT)
04001053 (DVP__CREAT)
04001059 (DVP__CACRE)
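The user, group, right and instruction structure together with the Row 1 matrix, as an added example that is not part of the training material: it resolves a user's groups to matrix cells and allows an external ID only if one of those cells lists it. The external IDs and cell coordinates are the ones on the slides; the group and user names are constructed.

```python
# Added example. External IDs and cell coordinates are copied from the slides;
# the group and user names are constructed for illustration.
TABLE, ROW = 11, 1  # Clearing & settlement, DVP
INQ = {"04001051", "04001052"}  # DVP__ENQSH, DVP__ENQDT appear in every cell
ACTIONS = {1: "Create", 2: "Check", 3: "Approve",
           4: "Direct check", 5: "Direct approval"}

# (table, row, column) -> external IDs of the sub-instructions in that cell
MATRIX = {
    (TABLE, ROW, 1): INQ | {"04001053", "04001059"},
    (TABLE, ROW, 2): INQ | {"04001056", "04001058", "04001062", "04001064"},
    (TABLE, ROW, 3): INQ | {"04001057", "04001058", "04001063", "04001064"},
    (TABLE, ROW, 4): INQ | {"04001054", "04001056", "04001058", "04001060",
                            "04001062", "04001064"},
    (TABLE, ROW, 5): INQ | {"04001055", "04001057", "04001058", "04001061",
                            "04001063", "04001064"},
}

# Many-to-many links (constructed): group -> granted cells, user -> groups
GROUP_RIGHTS = {
    "dvp_makers": {(TABLE, ROW, 1)},
    "dvp_direct_checkers": {(TABLE, ROW, 4)},
    "dvp_approvers": {(TABLE, ROW, 3)},
}
USER_GROUPS = {
    "user_a": {"dvp_makers"},
    "user_b": {"dvp_direct_checkers"},
    "user_c": {"dvp_makers", "dvp_approvers"},
}

def granted_cells(user):
    """Union of the cells granted to every group the user belongs to."""
    cells = set()
    for group in USER_GROUPS.get(user, ()):
        cells |= GROUP_RIGHTS.get(group, set())
    return cells

def is_authorized(user, external_id):
    """Default deny: allowed only if a granted cell lists the external ID."""
    return any(external_id in MATRIX.get(c, ()) for c in granted_cells(user))

def reachable_actions(user):
    """Actions whose whole cell is covered by the user's external IDs,
    including actions that were never granted explicitly (a review aid)."""
    ids = set().union(*(MATRIX.get(c, set()) for c in granted_cells(user)))
    return sorted(ACTIONS[col] for (_, _, col), cell in MATRIX.items()
                  if cell <= ids)
```

With the slide's IDs, the Direct check cell contains every ID of the Check cell, so a group granted only Direct check can also send the Check sub-instructions; a user in two groups accumulates both groups' cells.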
Instruction Authorization Matrix
Table Numbers
Each Table Number corresponds to an Authorization Message Code.
The Table Number groups similar core instructions (and their respective sub-instructions) together.
For example, the Clearing & Settlement function contains both delivery and receiving (DVP and RVP) instructions. They are both grouped under Table Number 11.
Note: If a new function is created, the Table Number allocated must be unique.
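A check for the two uniqueness rules (Authorization Message Code and Table Number) over a `[TABLES]` section, as an added example that is not part of the training material. Only the T011 line is quoted from the slides; the other entries are constructed, and the three-digit table key and eight-digit code are assumed from that one line.

```python
import re

# Added example. The entry format "Tnnn=title;authorization code;subscription"
# follows the T011 line on the slides; every other entry is constructed.
ENTRY = re.compile(r"^T(\d{3})=([^;]*);(\d{8});(\d+)$")

SAMPLE = """\
[TABLES]
T011=Clearing & settlement;02004300;0
T012=Deposit management;02004301;0
T013=Confirmations;02004302;0
T014=Cash transfer;02004303;0
T025=Funds management;02004300;0
T014=New function;02004315;1
"""

def lint_tables(text):
    """Return findings for duplicate table numbers, duplicate authorization
    codes and a non-zero subscription field in the [TABLES] section."""
    findings, tables, codes, in_tables = [], {}, {}, False
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if line.startswith("["):
            in_tables = line.upper() == "[TABLES]"
            continue
        if not in_tables or not line:
            continue
        m = ENTRY.match(line)
        if not m:
            findings.append(f"line {n}: malformed entry")
            continue
        table, code, sub = int(m[1]), m[3], m[4]
        if table in tables:
            findings.append(
                f"line {n}: table number {table} already used on line {tables[table]}")
        if code in codes:
            findings.append(
                f"line {n}: authorization code {code} already used on line {codes[code]}")
        if sub != "0":
            findings.append(f"line {n}: subscription field is {sub}, expected 0")
        tables.setdefault(table, n)
        codes.setdefault(code, n)
    return findings
```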
Cobass-web
StaticTable.ini
[TABLES]
T011=Clearing & settlement;02004300;0
menu.jsp
Need to modify both menu.xtm files that are found in:
/webapps/kpei/general
/webapps/kpei/Clearing
The external IDs specified in these two files must match.
Cobass-web
menu.jsp in /webapps/kpei/general
This file defines the left-hand navigational bar.
Cobass-web
What to add in menu.xtm (general)
[IF "£RIGHTSET,#MEMORY&04001µ" = "1" OR
    "£RIGHTSET,#MEMORY&04002µ" = "1" OR
    "£RIGHTSET,#MEMORY&04003µ" = "1" OR
    "£RIGHTSET,#MEMORY&04004µ" = "1"]
<tr>
  <td><img src="@@IMG[dot.gif]"></td>
  <td><a href="@@TRX[INSTCLEA]" ID="l{%t}" target="body" onClick="DoClick('l{%t}')">Clearing & Settlement</a></td>
</tr>
[INC t]
[ENDIF]
Cobass-web
menu.jsp in /webapps/kpei/Clearing
This file defines the right-hand menu items in the ‘main’ screen.
Cobass-web
What to add in menu.xtm (general)
[IF "£RIGHTSET,#MEMORY&04001051µ" = "1" OR
    "£RIGHTSET,#MEMORY&04002051µ" = "1" OR
    "£RIGHTSET,#MEMORY&04003051µ" = "1" OR
    "£RIGHTSET,#MEMORY&04004051µ" = "1"]
<table border="{#MENUBORDERWIDTH}" align="center" width="60%" bgcolor="#{#MENUTABLECOLOR}">
  <tr>
    <td width="100%">
      <table border="0" width="100%" cellspacing="2">
        <tr>
          <td bgcolor="#{#MENUCELLCOLOR}">
            <img src="@@IMG[mball7.gif]"><a href="javascript:RememberWhichToShow('@@TRX[INSTCLEA;BT_SEARCH=X&FCT=INQ&FIRST=1]')" ID="l{%t}" target="body" class="Title" onClick="DoClick('l{%t}')"><font><u>Clearing & settlement instructions inquiry</u></font></a>
            [INC t]
          </td>
        </tr>
Cobass-web
configuration.xml
<Message externalID="04001053" internalID="DVP__CREAT" structure="WSDvpRvpDetailedIncoming" collaborator="WorkstationCollaborator" incomingMapper="WSDvpRvpDetailedIncomingMapperStrategy" errorMapper="WSErrorMapperStrategy"/>
Database
Access Rights are defined by their definitions in four tables within the database. The tables are as follows:
MESSAGE_CODES
MESSAGE_TYPES
MESSAGE_TYPES_RIGHTS
RIGHTS
Database
MESSAGE_CODES
The MESSAGE_CODES table stores all codes for messages within the system.
MESSAGE_TYPES
The MESSAGE_TYPES table describes the type of message.
MESSAGE_TYPES_RIGHTS
The MESSAGE_TYPES_RIGHTS table links the messages to the RIGHTS table.
RIGHTS
The RIGHTS table specifies the row, column and table numbers for the messages (instructions).
Database
MESSAGE_CODES: CODE_LANG, CODE_MC, ID_MC_CAPCO, LST_UPD_TS, MT_ID_MT_CAPCO
MESSAGE_TYPES: CLASS_VAL_NM, ID_MT_CAPCO, LST_UPD_TS, MT_DSC, FLG_MSG_IN
MESSAGE_TYPES_RIGHTS: ID_MTR_CAPCO, LST_UPD_TS, MT_ID_MT_CAPCO, RIGHT_ID_RIGHT_CAPCO
RIGHTS: CELL_DSC, COL_NBR, ID_RIGHT_CAPCO, LST_UPD_TS, ROW_NBR, TAB_NBR
Database
Example
DVP ‘Create’: this belongs to Table 11, Row 1, Column 1.
Database
MESSAGE_CODES
-- In the timestamp format, MI is minutes (MM would repeat the month).
insert into message_codes values (
  'WRKSTATION',
  '04001053',
  'MSGCD_____TOOL20000222000000000_04001053',
  TO_CHAR(sysdate,'YYYYMMDDHH24MISS') || '000',
  'SECMT_____TOOL20000222000000000_04001053');
MESSAGE_TYPES
insert into message_types (ID_MT_CAPCO, LST_UPD_TS, MT_DSC, FLG_MSG_IN) values (
  'SECMT_____TOOL20000222000000000_04001053',
  TO_CHAR(sysdate,'YYYYMMDDHH24MISS') || '000',
  'INSTRINQ',
  1);
Database
MESSAGE_TYPES_RIGHTS
-- In the timestamp format, MI is minutes (MM would repeat the month).
insert into message_types_rights values (
  'SECMR_____TOOL20000222000000000____00007',
  TO_CHAR(sysdate,'YYYYMMDDHH24MISS') || '000',
  'SECMT_____TOOL20000222000000000_04001053',
  'SECRG_____TOOL20000222000000000011001001');
RIGHTS
insert into rights values (
  'DVPCREATE',
  1,   -- Column number
  'SECRG_____TOOL20000222000000000011001001',
  TO_CHAR(sysdate,'YYYYMMDDHH24MISS') || '000',
  1,   -- Row number
  11); -- Table number
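How the four tables resolve an external ID to its matrix cell, as an added example that is not part of the training material; it also lists `externalID` values declared in configuration.xml that have no RIGHTS cell behind them, so they can be reviewed. Table names, column names and key values follow the slides; SQLite stands in for the real database, and the timestamp, the `<Messages>` wrapper and the second message entry are constructed.

```python
import sqlite3
import xml.etree.ElementTree as ET

# Added example. Table, column and key values follow the slides; SQLite stands
# in for the real database; TS and the XML wrapper/second message are constructed.
SCHEMA = """
CREATE TABLE message_codes (code_lang, code_mc, id_mc_capco, lst_upd_ts, mt_id_mt_capco);
CREATE TABLE message_types (class_val_nm, id_mt_capco, lst_upd_ts, mt_dsc, flg_msg_in);
CREATE TABLE message_types_rights (id_mtr_capco, lst_upd_ts, mt_id_mt_capco,
                                   right_id_right_capco);
CREATE TABLE rights (cell_dsc, col_nbr, id_right_capco, lst_upd_ts, row_nbr, tab_nbr);
"""
TS = "20070101000000000"
MT = "SECMT_____TOOL20000222000000000_04001053"
RG = "SECRG_____TOOL20000222000000000011001001"
SAMPLE_CONFIG = """<Messages>
  <Message externalID="04001053" internalID="DVP__CREAT"/>
  <Message externalID="04001054" internalID="DVP__CRDCH"/>
</Messages>"""

def build_db():
    """In-memory copy of the DVP 'Create' rows shown on the slides."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.execute("INSERT INTO message_codes VALUES (?,?,?,?,?)", ("WRKSTATION",
               "04001053", "MSGCD_____TOOL20000222000000000_04001053", TS, MT))
    db.execute("INSERT INTO message_types (id_mt_capco, lst_upd_ts, mt_dsc,"
               " flg_msg_in) VALUES (?,?,?,?)", (MT, TS, "INSTRINQ", 1))
    db.execute("INSERT INTO message_types_rights VALUES (?,?,?,?)",
               ("SECMR_____TOOL20000222000000000____00007", TS, MT, RG))
    db.execute("INSERT INTO rights VALUES (?,?,?,?,?,?)",
               ("DVPCREATE", 1, RG, TS, 1, 11))
    return db

def cells_for(db, external_id):
    """(table, row, column) cells linked to an external ID. The join keys are
    inferred from the matching ID values in the INSERT statements."""
    return db.execute("""
        SELECT r.tab_nbr, r.row_nbr, r.col_nbr FROM message_codes mc
        JOIN message_types mt ON mt.id_mt_capco = mc.mt_id_mt_capco
        JOIN message_types_rights mtr ON mtr.mt_id_mt_capco = mt.id_mt_capco
        JOIN rights r ON r.id_right_capco = mtr.right_id_right_capco
        WHERE mc.code_mc = ?""", (external_id,)).fetchall()

def unmapped_external_ids(db, config_xml):
    """externalIDs declared in configuration.xml that resolve to no RIGHTS cell."""
    ids = [m.get("externalID") for m in ET.fromstring(config_xml).iter("Message")]
    return [i for i in ids if not cells_for(db, i)]
```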
How do we Assign Rights to the Member Type?
Need to assign the member default rights to access the new function.
Application Server Classes
Adding Default Rights to a User
Modify capco.cbss.security.instruction.AdminCreateProcessStrategy
This class specifies the default rights that are given to a member upon creation of the member.
Note: The numbers that you see are table numbers.
/* These are the rights for an Investor Member Type */
private static final int RIGHTS_INVESTOR = 112; // Table number
if (type == KSEIMemberType.getInvestorTypeValue()) {
    addTableRights(groupID, RIGHTS_INVESTOR);
}
Adding Rights to the Member
You still need to assign the Member rights to this new function.
Only additions to the database are required.
Each Member type has a unique table number.
Member type or role: Clearing Member (table number 107), Non-Clearing Member (table number 106)
Functions:
Description              Table number  Authorization message  Clearing Member  Non-Clearing Member
Clearing and settlement  11            02004300               X                X
Deposit management       12            02004301               X                X
Confirmations            13            02004302
Cash transfer            14            02004303               X                X
Funds management         25            02004314
Adding Rights to the Member
The member table number has to be linked to the functions it can access.
e.g. Linking OTC instructions to Table 11 (Clearing Member rights)
[Diagram: tables MESSAGE_CODES, MESSAGE_TYPES, RIGHTS, MESSAGE_TYPES_RIGHTS; labels: member table number 11, Trade Take-up/Give-up Authorization Message, right_id_right_capco*, mt_id_mt_capco]
Exercise