Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Define Entity SeniormanagerAccess #13

Closed
francis-pouatcha opened this issue Sep 18, 2024 · 0 comments · Fixed by #24
Closed

Define Entity SeniormanagerAccess #13

francis-pouatcha opened this issue Sep 18, 2024 · 0 comments · Fixed by #24
Assignees
@Koufan-De-King

Comments

@francis-pouatcha
Copy link
Contributor

francis-pouatcha commented Sep 18, 2024
edited
Loading

Entity: SeniorManagerAccess

Overview:

SeniorManagerAccess is a specialized entity that grants access specifically for managing the roles and permissions of ManagerAccess users associated with a bank account. It is designed for individuals or entities (often senior executives or higher-level managers) who are responsible for overseeing and controlling the delegation of permissions to other managers. However, it does not grant any direct access to the account itself—such as making transactions, viewing balances, or interacting with the account's funds.

Key Characteristics:

  1. Role-Specific Permissions:

    • The primary function of SeniorManagerAccess is to manage and control the ManagerAccess roles associated with the bank account. This includes:
      • Creating new ManagerAccess roles.
      • Modifying the permissions of existing ManagerAccess roles.
      • Revoking or suspending ManagerAccess when necessary.
    • The SeniorManagerAccess role does not allow direct actions on the account (such as transferring funds or viewing balances).

  2. Manager Oversight:

    • Individuals with SeniorManagerAccess have oversight responsibility over the managers who handle the account but are not involved in day-to-day operations of the account itself.
    • This role is often used in corporate environments where a hierarchy exists, and different levels of authority are required to manage account access.

  3. Indirect Control Over Account:

    • While SeniorManagerAccess users cannot directly interact with the account (e.g., making transactions), they have indirect control over it by determining who has ManagerAccess. This means they play a key role in managing the flow of permissions but without engaging in operational account activities.

  4. Scope of Permissions:

    • The scope of actions allowed under SeniorManagerAccess includes:
      • Assigning new managers with varying levels of ManagerAccess.
      • Modifying or updating the permissions of existing managers.
      • Suspending or removing manager-level access if necessary.
    • These actions are crucial for maintaining proper access governance, ensuring that managers can only perform tasks appropriate to their level of responsibility.

  5. No Access to Account Data or Funds:

    • Crucially, SeniorManagerAccess users cannot:
      • View the account balance.
      • Execute payments or transfers.
      • Access transaction histories.
      • Modify account details such as limits or overdraft settings.
    • This strict separation ensures that users in this role only manage access permissions and do not perform operational tasks on the account.

  6. Role Creation and Assignment:

    • SeniorManagerAccess is typically assigned during the initial setup of a corporate account or later when an organization grows and requires tiered access control. It may also be assigned to senior-level stakeholders who oversee multiple accounts but do not directly manage them.

  7. Status:

    • SeniorManagerAccess roles can have the following statuses:
      • Active: The individual has full authority to manage ManagerAccess roles.
      • Restricted: Some or all of the authority may be limited (e.g., they can modify existing roles but not create new ones).
      • Suspended: Temporarily unable to manage ManagerAccess, often due to internal policies, legal restrictions, or account reorganization.

  8. Weight:

    • The weight of a SeniorManagerAccess role can vary, but it typically represents a higher level of control over access management. For example, a SeniorManagerAccess user might have a weight of 1 (full authority over manager access), while ManagerAccess roles might have fractional weights depending on their specific permissions.

Example Workflow for SeniorManagerAccess:

  1. Assigning a New Manager:

    • A Senior Manager, holding SeniorManagerAccess, is responsible for assigning a new manager to an account. They create a ManagerAccess entity and specify the permissions (e.g., view-only access or full management capabilities).
    • They do not interact with the account directly, but they ensure that the right people have the appropriate level of ManagerAccess.

  2. Modifying Manager Permissions:

    • If a manager’s responsibilities change, the SeniorManagerAccess holder can update the ManagerAccess permissions, restricting or expanding the manager’s authority over the account.
    • This might involve reducing a manager’s ability to initiate transfers or limiting their access to specific sub-accounts.

  3. Suspending Manager Access:

    • If a manager is leaving the organization or if there is a security concern, the SeniorManagerAccess user can immediately suspend or revoke their ManagerAccess.
    • This suspension ensures that the manager can no longer interact with the account until further review or reinstatement.

Key Scenarios for SeniorManagerAccess:

  • Corporate Governance: In a corporate environment, the CEO or CFO might hold SeniorManagerAccess to control which department heads (with ManagerAccess) can manage the company’s bank accounts. They ensure that only authorized personnel have access and that these permissions are properly governed.
  • Delegated Access Control: In large organizations or financial institutions, a Senior Manager might oversee a team of financial managers. While the Senior Manager ensures proper access control, they do not interact with the funds or account operations themselves.
  • Security Compliance: SeniorManagerAccess is an essential role for security and compliance, ensuring that account permissions are managed at a higher level without compromising account details or operations.

Possible Suspensions or Limitations:

  • Internal Review or Audit: During an internal review or audit, SeniorManagerAccess might be suspended temporarily to ensure no new access permissions are granted while an investigation or compliance review is taking place.
  • Security Incident: If a security incident occurs (e.g., unauthorized access or data breach), SeniorManagerAccess may be restricted to prevent further changes to manager permissions until the issue is resolved.

Key Considerations:

  • Separation of Duties: Ensuring that SeniorManagerAccess cannot perform any operational tasks on the account enforces a clear separation of duties, reducing the risk of fraud or unauthorized transactions.
  • Audit Trails: Every action taken by a SeniorManagerAccess holder, such as creating, modifying, or suspending a ManagerAccess role, should be logged and auditable to maintain accountability and compliance.
@francis-pouatcha francis-pouatcha mentioned this issue Sep 24, 2024
Closed
15 tasks
@Koufan-De-King Koufan-De-King self-assigned this Sep 25, 2024
@Koufan-De-King Koufan-De-King transferred this issue from ADORSYS-GIS/webank Sep 25, 2024
This was linked to pull requests Sep 27, 2024
13 define entity seniormanageraccess #18
Closed
chore: refactored senior manager access as a subclass #24
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Koufan-De-King Koufan-De-King

Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@francis-pouatcha @Koufan-De-King