Making Life Easy

User Access Management

- 04th July, 2014

Revision History
Name

Date

Reason For Changes

Reviewed

Version

Rahul Ganjave

18/08/2013

First draft

Rahul Jayaraman

0.1

Mukesh Singh

04/07/2013

Second draft

Radhkrishan Barre/
Derrick

0.2

INTRODUCTION
This document explains the Middlewares Access Control module which involves creation of roles,
assigning permissions to every role and restricting data access for a user.

CREATION OF ROLES
The Middleware is hard-coded with one static role called Admin and UAM, who as a super-user has
rights to all features.
The Admin an UAM is responsible for creating other roles in the system.
The Middleware ships with the following pre-seeded roles.

Document Name:
User Access Management

Confidential & for Limited Circulation only

Forbes Technosys Limited
User Access Management for HDFC Bank

Page 2 of 8
November 5, 2014

Admin

UAM

NCM

NCM

RCM

ACM

CLM

Agency Sup.

Collection
Agent

RCM

RCM

ACM

CLM

ACM

CLM

CLM

Agency Sup.

Agency Sup.

Agency Owner

Collection
Agent

Document Name:
User Access Management

ACM

Confidential & for Limited Circulation only

Forbes Technosys Limited
User Access Management for HDFC Bank

Agency Sup.

Collection
Agent

Collection
Agent

Collection
Agent

Collection
Agent

Page 3 of 8
November 5, 2014

CREATION OF USER
A standard KYC form is filled up by the Admin and UAM when a user is created. Maker
checker process will be introduced at user creation. Any UAM user other than requester
UAM can approved user creation request. Post creation, the user will receive an email with a
unique link to a page where he can set his password. The link is made unique by means of a
password token which is part of the URL. Multiple users can be created in the system via
uploading an excel sheet as well.
A standard Role can be created by the Admin and UAM (e.g. NCM, RCM, etc.) with
specified right. This Created roles option can be provided at the time of User creation which
has default right as per his role assign. Role right can be modified at the time of user
creation. Only report view right can be modified.
When a user is created, he must be assigned a Role. A user at any point of time can have
only one role. User creation and assignment of Role is managed by the Admin and UAM.

Masters for User KYC: User Login, User Registration Trail

PERMISSIONS
Every Role in the middle-ware can be assigned features through permissions. A user can
access only those features which have been assigned to his role. The following is an
indicative list of features which the middleware would provide.

AGENCY SUPERVISOR ROLE

Every Agency supervisor Role creation agency code will be assign. Agency Supervisor may
report multiple CLM for same or different loan product. Supervisor can created/ Remove
Collection Agent. Creation and Removal of agent is authenticated by maker checker
process. Approval option will be display to his all reporting CLM.

Document Name:
User Access Management

Confidential & for Limited Circulation only

Forbes Technosys Limited
User Access Management for HDFC Bank

Page 4 of 8
November 5, 2014

CLM ROLE
At the time of CLM creation, CLM will map to his respective ACM. CLM will be report to a
single ACM. Multiple Agency Supervisor can be mapped to CLM. CLM can view and confirm
all type of approval of supervisors reporting to him. CLM can see all type of Report which
has data contained only related to him.

AGENCY OWER ROLE

Agency Owner Role has multiple Agency Supervisor reporting. Agency Owner can view all
report and approvals.

ACM ROLE
At the time of ACM creation, ACM will map to his respective RCM. CLM will be report to a
single RCM. Multiple CLM can be mapped to ACM. ACM can see all type of Report which
has data contained only related to CLM mapped to him.

RCM ROLE

At the time of RCM creation, RCM will map to his respective NCM. ACM will be report to a
single NCM. Multiple ACM can be mapped to RCM. RCM can see all type of Report which
has data contained only related to ACM mapped to him.

NCM ROLE

At the time of NCM creation, NCM will map to Admin. Multiple RCM can be mapped to NCM.
NCM can see all type of Report which has data contained only related to RCM mapped to
him.

Document Name:
User Access Management

Confidential & for Limited Circulation only

Forbes Technosys Limited
User Access Management for HDFC Bank

Page 5 of 8
November 5, 2014

MGMT.

REPORTS

ACTIONS

Masters

Machine Control

Logs

HHT Master
Role Master

HHT Branch Transfer

Lock/Unlock Machines
Machine Surrender
Machine Repair
Machine Re-Stock
Machine Re-Allocation

Executive Enrolment Log

Business rules Modification Request
Collection Executive Locking Logs
Collection Executive Unlocking Logs
HHT Transfer Log

OTP Lookup

Transaction Report(Hierarchy wise)

User Management
User Creation
User Permissions
Map User to
Agency
Remapping User

Asset Confirmation (HHT

Confirmation)
Lost Machine
Allocation
Re-Allocation

Requests
Collection Executive
Enrollment Request
Business Rule Modification
Request

Agency Supervisor Wise (Transaction)

CLM Wise (Transaction)
ACM Wise (Transaction)
RCM Wise (Transaction)
Collection Executive Wise Collection
Cancelled Transactions
Transactions Pending Confirmation
NCM Wise (Transaction)

Approval Level 1

Machine Reports

Collection Executive
Enrollment
Business Rule Modification

Asset Confirmation (HHT Confirmation)

Report
HHT Deployment
Locked User
Unlocked User

Approval Level 2
Collection Executive
Enrollment
Business Rule Modification

HHT Current Status (Lock & Unlock)

Lost HHT Report
Machine History Report
Surrender Report

Allocation
Allocation Trail
Allocation Summary
Re-Allocation Trail
De-Allocation Trail

Document Name:
User Access Management

Confidential & for Limited Circulation only

Forbes Technosys Limited
User Access Management for HDFC Bank

Page 6 of 8
November 5, 2014

RESTRICTING DATA ACCESS FOR A USER

To re-strict what a user can create, approve or access, he must be mapped to one or more
agencies. The users access would be restricted only to agencies he has been assigned.

Masters for Mapping User to Agency: Map User to Agency

PASSWORD EXPIRY
A users password would expire after a certain period of time which would be configurable.
The system would ship with a default expiry of 30 days which can be changed by the admin.

Document Name:
User Access Management

Confidential & for Limited Circulation only

Forbes Technosys Limited
User Access Management for HDFC Bank

Page 7 of 8
November 5, 2014

USER STATES

Users would have the following states.

Active: Live and active users

Disabled: Disabled users who are temporarily barred from login
Locked: Users locked out due to unsuccessful login attempts
Deleted: Users who have been deleted from the system which cannot be activated or
recreated again.

All Users can be disabled or deleted by the Admin along with a reason. The pre-seeded
Admin user cannot be disabled, locked or deleted.
Disabled/Locked users can be activated again by the Admin user along with a reason.
The process of disabling/locking/deleting/re-activating a user would be logged & a trail would
be maintained.
Any user who does not login for a specific period of time would be disabled. The period is
configurable & can be changed by the Admin.
Also, a user after a certain number of unsuccessful login attempts would be locked. The no
of attempts would be configurable and changed by Admin.

SESSIONS
Sessions are stored in the database & a trail is maintained. While a user is logged in, he
may not log in using another session from any browser or system.
Sessions expire after a pre-defined amount of time which is configurable by the Admin user.

Document Name:
User Access Management

Confidential & for Limited Circulation only

Forbes Technosys Limited
User Access Management for HDFC Bank

Page 8 of 8
November 5, 2014