Security Groups

Security Groups are designed so that managers can set Temenos Lifecycle Management Suite access for an entire group. Rather than going through the process of assigning individual user permissions and access to features for every employee, administrators can assign permissions to Security Groups to provide access to all Lifecycle Management Suite features that can be set at the individual user level.

Security Groups can be created and managed from System Management > Groups > Security Groups.

The Security Groups page displays the following columns of information about each Security Group:

Column Name	Description
Name	The name of the Security Group.
Description	The description of the Security Group.
Last Modified	Denotes when the last modification to the Security Group was made.
Modified By	Denotes who made the last modification to the Security Group.

Security Group Attributes

All security groups have common attributes that are defined while creating, copying, or editing a security group.

General

The General attributes include the basic information about the security group.

The following General security group attributes are defined in the General tab:

Attribute	Description
Name	Provide a name for the Security Group. This is a required field.
Description	Provide details about the Security Group.

Permissions

Use the Permission attribute, located in the Permissions tab, to manage the new Security Group’s access to several features throughout the Lifecycle Management Suite. This tab contains 2 columns: Function and Permission. Click under the Permission column in the corresponding row of the screen and a drop-down appears. Change the value in this drop-down to assign the security group access to the function. The following permission options are available within the permission drop-down:

None: The selected the user does not have permission to view or execute the feature.
Change: The selected the user has full access to the feature. User can view and edit.
View: The user has the ability to view the function but does not have the ability to change or execute it.

If an individual user permission is set to “None” but the user is a part of a Security Group that has “Change” permission to the same feature, the system defaults to “Change.” The higher permission between the user and group level is systematically set.

Below is a list of the permissions that can be customized by the administrator and their description:

Show Permissions

Below is a list of all the permissions that can be customized by the administrator and their description.

Collections

Name of Permission

Description

Edit Expenses:

Allows a user to add and edit expenses within the Expenses - Account screen in the workspace.

None = Users cannot add or edit expenses within the Expenses - Account screen. When the screen opens in the workspace, the toolbar is not available, and the screen displays as read-only.

Change = Allows users to add and edit expenses within the Expenses - Account screen.

Edit Letters:

Allows a user to edit the letters assigned to a Send Letter Workflow step.

None = Users are unable to edit letters in the Send Letter workflow step. When View/Print is clicked in the workflow step, the letter opens in a PDF document, which does not permit changes.

Change = Allows users to modify letters in the Send Letter workflow step. When View/Print is clicked in the workflow step, the letter opens in an editable Word document.

Edit Promise Payments:

Allows a user edit existing promise payments made within the person workspace.

None = Users cannot edit promise payment arrangements, or cancel promises in the Promises screen.

Change = Allows users to edit promise payment arrangements, and cancel existing promises in the Promises screen.

Edit Promise Status:

Allows a user to edit the promise status of an existing promise made in the person workspace.

None = Users cannot edit promise statuses in the Promises screen.

Change = Allows users to edit promise statuses in the Promises screen.

This permission should only be given to administrators. Changing the promise status does not update promise reports/dashboards and should not be normal practice.

End Exclusive Rule Authoring Session:

Allows a user to end an exclusive Rule Authoring session in System Management > Collections > Rules Management.

None = User is not able to end the exclusive rule authoring session of another user in Rules Management. The End Session button is disabled within the Rule Sessions tab.

Change = User is able to end the exclusive rule authoring session of another user in Rules Management. The End Session button is enabled within the Rule Sessions tab.

Event Processing:

Allows a user to create and maintain event and action pairings.

None = Event Processing screen within System Management is not available to user.

View = Event Processing screen within System Management can be viewed but not edited by user.

Change = Event Processing screen within System Management screen can be viewed and edited by user.

Recovery Approval:

Allows a user to view and process pending charge offs within System Management.

This permission is only available to institutions using the Lifecycle Management Suite's Recovery module.

None = Users do not have access to the Recovery Approval page in System Management and are not able to respond to charge-offs pending approval.

View = Users have access to the Recovery Approval page in System Management but are not able to accept and/or reject charge-offs.

Change = Users are able to both access the Recovery Approval page in System Management and process pending charge-offs.

Rules Management:

Allows a user to access the Rules Management application. The Rules Management application allows users with proper permissions to view and create rules to apply in various contexts throughout the system.

None = Users do not have access to the Rule Management page in System Management > Collections, and do not have the ability to view/open the rules manager in various other areas in the system that utilize the rules integration.

Change = Allows users access to the Rules Management application throughout the system.

View Masked Fields:

Allows a user to view the value of masked fields in the workspace.

None = User is unable to view the value of masked fields in the workspace. When the user hovers over the icon for a masked field, a tool-tip is presented to the user to identify that permission to unmask the field is not enabled

View = User is able to view the value of masked fields in the workspace. Clicking the icon unmasks the value of the field in the workspace.

Check out the View Masked Fields Permission video to see this permission in action!

Workspace:

Allows a user to perform various functions within the person workspace, such as writing comments or working a queue, as well as grants the user permission to use the Search feature within the Ribbon Bar.

None = Users are not able to perform various functions within the workspace, such as posting a comment, or working a queue, and can not access workspaces from the Queues, Views, and/or Dashboards page. When set to None, the user is also unable to use the Search feature; therefore, the is disabled in the Ribbon Bar.

View = Allows users to view comments and queues in the workspace, but not work queues. When set to View, users are able to access workspaces from the Queues, Views, and/or Dashboards page, and use the Search feature; however, only screens and workflows that the user is assigned permission to are available in the Left Navigation Panel, and no changes can be made to any screens and/or workflows in the workspace.

Change = Allows users to perform various functions in the workspace, such as posting a comment, and working queues. When set to Change, users can access workspaces using the Search feature, as well as from the Queues, Views, and/or Dashboards page, and are able to perform all functions for the selected account or person in the workspace.

In addition to having View or Change permission for the Workspace, a user must also be assigned to the specific queue, view, or dashboard in order to open the workspace for the account or person.

All Custom Searches configured for an institution are available within the Search window for any user who is granted permission to use the Search feature.

For institutions that use both Account Servicing and Origination: There are two separate permissions that control the Search feature for the Account Servicing categories and Origination categories; therefore, it is possible that a permission may be set to View or Change for one, but set to None for the other. When this occurs, the user is only able to use the Search feature for the modules to which he or she is granted permission to access. For example, the Origination Workspace permission under the Application Processing category controls the Search feature for the Origination modules. If the Workspace permission is set to View or Change, but the Origination Workspace permission is set to None, the user is able to click in the Ribbon Bar to perform a full search using the Account Servicing categories, but the Origination categories are not available to the user, and the user is not able to open applications from the Queues, Views, and/or Dashboards page.

Recovery
Name of Permission	Description
Activate Repayment Plan: Allows the user to activate a repayment plan for a recovery account.	None = Activate Repayment Plan button is not enabled for the user on a Repayment Plan screen. Change = Activate Repayment Plan button is enabled for the user on a Repayment Plan screen.
Cancel Repayment Plan: Allows the user to cancel a repayment plan for a recovery account.	None = Cancel Repayment Plan button is not enabled for the user on a Repayment Plan screen. Change = Cancel Repayment Plan button is enabled for the user on a Repayment Plan screen.
Create Repayment Plan: Allows the user to create a repayment plan for a recovery account.	None = Create Repayment Plan button is not available in the workspace ribbon. Change = Create Repayment Plan button is available in the workspace ribbon.
Finalize Recovery Account / Repayment Plan: Allows the user to complete recovery accounts and repayment plans for a recovery account.	None = Finalize Repayment Plan button is not enabled for the user on a Repayment Plan screen. Finalize Recovery Account button is not enabled for the user on an Account screen. Change = Finalize Repayment Plan button is enabled for the user on a Repayment Plan screen. Finalize Recovery Account button is enabled for the user on an Account screen.
Modify Active Repayment Plan Payments: Controls the availability for the Recalculate button within the Repayment Plan Scheduled Payments panel and allows the user to modify an active repayment plan.	None = Recalculate button is not enabled for the user on the Repayment Plan Scheduled Payments panel. Change = Recalculate button is enabled for the user on the Repayment Plan Scheduled Payments panel.
Modify Charge Off Properties: Allows the user to modify information for an account that was recommended and approved for charge-off.	None = User cannot execute the Charge-Off Account workflow step. Change = User can execute the Charge-Off Account workflow step.
Recalculate Accounting Rule Interest: Allows the user to recalculate interest real-time on a recovery account or repayment plan through the Recalculate Interest button added to a recovery account or repayment plan Interest Rates panel.	None = Recalculate Interest button is not enabled for the user on an Interest Rates panel. Change = Recalculate Interest button is enabled for the user on an Interest Rates panel.

Modules

Name of Permission

Description

RECOVERY:

Allows a user to view and change settings within the Recovery page in System Management. Any changes made within the Recovery page apply to all of Recovery in the Lifecycle Management Suite.

None = Users can not view or access recovery settings in System Management > Modules > Recovery.

View = Allows users to view recovery settings, but not make any changes to the settings in System Management > Modules > Recovery.

Change = Allows users to view and make changes to recovery settings in System Management > Modules > Recovery.

System Management

Name of Permission

Description

Data Purging

Allows a user to view and change the data purge settings for Lifecycle Management Suite database tables.

None = Users can not view or access the Data Purging page in System Management > Data Purging.

View = Allows users to view, but not make any changes to the Data Purging page in System Management > Data Purging.

Change = Allows users to view and make changes within the Data Purging page in System Management > Data Purging.

Field List Configurations:

Allows a user to map values from the BANKRUPTCY_PARTY_TYPE and PARTY_TYPE lookups to up to 10 flattened Bankruptcy Party or Legal Party fields, in order to populate the data in letters, views, and/or reports.

None = Users cannot view or access the Field List Configurations page in System Management..

View = Allows users to view the Field List Configurations page in System Management, but not make any changes.

Change = Allows users to view and make changes within the Field List Configurations page in System Management.

GL Accounts (Recovery Module):

Allows a user to view and change GL Accounts when using the Recovery Module. GL Accounts are used when defining the posting rules on a transaction code to determine how a new transaction is allocated on a recovery account.

None = Users can not view or access the GL Accounts page in System Management.

View = Allows users to view but not make any changes to the GL Accounts page in System Management.

Change = Allows users to view and make changes within the GL Accounts page in System Management.

Letter Barcode Activation:

Allows a user to activate the letter barcode process and define the location where scanned files are to be placed for the institution.

None = Users can not view or access the Letter Barcode Activation page in System Management > Communication > Letter Barcode Activation.

View = Allows users to view, but not make any changes to the Letter Barcode Activation page in System.

Change = Allows users to view and make changes within the Letter Barcode Activation page in System Management.

Letter Barcode Scanning Exceptions:

Allows a user to view exception documents, as well as manually attach the documents to the applicable account or cases.

None = Users can not view or access the Letter Barcode Scanning Exceptions page in System Management > Communication > Letter Barcode Scanning Exceptions.

View = Allows users to view, but not make any changes to the Letter Barcode Scanning Exceptions page in System.

Change = Allows users to view and make changes within the Letter Barcode Scanning Exceptions page in System Management.

Letters and Forms:

Allows a user to create letters and other forms to be used when working a case within the system.

None = Users can not view or access the Letters and Forms page in System Management > Communication > Letters and Forms.

View = Allows users to view but not make any changes to the Letters and Forms page in System Management > Communication > Letters and Forms.

Change = Allows users to view and make changes within the Letters and Forms page in System Management > Communication > Letters and Forms.

Transaction Codes (Recovery Module):

Allows a user to track payments, adjustments, and expenses on charged off accounts. Multiple transaction codes can be configured to apply funds differently to an account.

None = Users can not view or access the Transaction Codes page in System Management.

View = Allows users to view but not make any changes to the Transaction Codes page in System Management.

Change = Allows users to view and make changes within the Transaction Codes page in System Management.

System Management - Recovery
Name of Permission	Description
Batch Transaction Import Allows a user to process a Batch Transaction Import	None = System Management screen not available to user. View = System Management screen can be viewed but not edited by user. Change = System Management screen can be viewed and edited by user.
Batch Transaction Import Review: Allows a user to review transactions and allow or prevent them from processing.	None = System Management screen not available to user. View = System Management screen can be viewed but not edited by user. Change = System Management screen can be viewed and edited by user.
Debt Cancellation: Allows a user to view, export and mark recovery accounts as reported to the IRS.	None = System Management screen not available to user. View = System Management screen can be viewed but not edited by user. Change = System Management screen can be viewed and edited by user.
Recovery Approval: Allows a user to view accounts recommended for charge-off and either charge-off the account or reject the recommendation.	None = System Management screen not available to user. View = System Management screen can be viewed but not edited by user. Change = System Management screen can be viewed and edited by user.

Users

Within the Users tab, assign active users within the Lifecycle Management Suite to be a part of the Security Group.

Screens

Within the Screens tab, assign available screens to the Security Group. If a screen is assigned, the users in the Security Group have access to the screen in the workspace.

If the security group the user is assigned to has access to the screen, by default the user has access to the screen, even if they do not at the user level.

The screens and boxes that display on the Security Group Edit screen are determined by the enabled module. For example, if loan origination is not active, lending screens are not available to be assigned and the Available and Assigned Lending boxes do not display on the Screens tab.

Workflow

Workflows can be assigned in the Workflow tab. There are three levels of access a security group can have on a workflow: None, View, or View & Execute.

None: The Security Group is not able to view the workflow history associated to the workflow nor execute the workflow.
View: The Security Group can view the workflow history associated to the workflow but cannot execute it.
View & Execute: The Security Group can view the workflow history and execute the workflow on an account, case, or person.

If the security group the user is assigned to has access to the workflow, then by default the user has access to the workflow even if they do not have permission at the user level.

In order for a user to have access to a workflow in an Area, the following criteria must be met:

The workflow must be assigned to the Area.
The user must have direct security access to the workflow or access through a security group.
For each workflow, security can be set on the Area and the User or Security Group level. This security only applies when a user enters the Workspace of an Area. For example, if a workflow is not assigned to an Area, the workflow does not appear in the Area regardless of the security applied to the workflow.
When assigning a workflow to an Area or assigning Users and Security Groups to a workflow, there are three levels of security: None, View and View & Execute. None is the lowest level of security and View & Execute is the highest level of security.

Dashboards

On the Dashboards tab, assign available dashboards to the Security Group. If assigned, the user is able to open the dashboard from the dashboard icon in the Lifecycle Management Suite ribbon.

If a user has individual permission to a dashboard, by default the user has access to the dashboard even if they do not at the Security Group level.

Views

On the Views tab, assign available views to the user. If assigned, the user is able to open the view from the views icon in the Lifecycle Management Suite ribbon.

If a user has individual permission to a view, by default the user has access to the view even if they do not at the Security Group level.

Reports

On the Reports tab, assign available reports to the Security Group. If assigned, the Security Group has the ability to view/run the reports from the reports icon in the Lifecycle Management Suite ribbon.

If a user has individual permission to a Report, by default the user has access to the view even if they do not at the Security Group level.

Areas

On the Areas tab, assign available areas to the Security Group. These assigned areas are available to the Security Group in the Areas drop-down in the Person workspace.

If a user has individual permission to an area, by default, the user has access to the area even if they do not have permission at the Security Group level.

Lending Settings

Lending Settings enables administrators to assign Application Sources and Restricted Account Types to a Security Group.

At the top of the Lending Settings tab, a multi-grid containing the following tables control which application sources users within the security group are able to process applications for:

Table	Description
Available Application Sources	Contains a list of all the application sources that have not been assigned to the security group. Upon assigning an application source the security group, it is removed from the available list.
Assigned Application Sources	Contains a list of all application sources that have been assigned to the security group.

Use the multi-grid controls to assign or unassign the desired application sources.

At the bottom of the Lending Settings tab, a multi-grid containing the following tables control which restricted account types users within the security group are able to process applications for:

Table	Description
Available Restricted Account Type	Contains a list of all the restricted account types that have not been assigned to the security group. Upon assigning a restricted account type the security group, it is removed from the available list.
Assigned Restricted Account Type	Contains a list of all restricted account types that have been assigned to the security group.

Use the multi-grid controls to assign or unassign the desired restricted account types.

When finished navigating through all of the tabs and entering in information, click Save or Save and Close to save the new Security Group and return to the Security Groups page. The new Security Group populates in the Security Groups page and can now be assigned to features throughout the Lifecycle Management Suite. Click Cancel to return without saving.

Show Creating a Security Group

To create a new Security Group, click .
The New Security Group screen appears.
Navigate through the tabs and update the necessary attributes to the Security Group.
When finished navigating through all of the tabs and entering in information, click to retain the new Security Group and return to the Security Groups page. The new Security Group populates in the Security Groups page and can now be assigned to features throughout the Lifecycle Management Suite.

Show Copying a Security Group

Select a Security Group to highlight it.
Click Copy. The Copy Security Group screen appears.
Navigate through the tabs and make any required/necessary changes to the Security Group.
When finished navigating through all of the tabs and entering in information, click to retain the new Security Group and return to the Security Groups page. The new Security Group populates in the Security Groups page and can now be assigned to features throughout the Lifecycle Management Suite.

Show Editing a Security Group

Select a Security Group to highlight it.
Click . The Edit Security Group screen appears.
Navigate through the tabs and make any necessary changes to the Security Group.
When finished navigating through all of the tabs and entering in information, click to retain the Security Group and return to the Security Groups page.

Show Deleting a Security Group

Select a Security Group to highlight it.
Click .
A confirmation message appears. Click Yes to delete the security group. Click No to return to the Security Groups page without deleting.