Rules and Parameters::Users, Roles and Privileges
Class Privilege

This entity includes all reference data for Privileges {T2S.11.360}.

Each Privilege can be linked to one or many Parties, Users and Roles. When linking a Privilege to a Party, a User or a Role, the following Boolean attributes are set:
•    Deny Option, to specify whether the associated function is allowed or explicitly denied to the grantee;
•    Administration Option, to specify whether the grantee of the privilege is allowed to grant the same privilege to another Party, User or Role; when revoking for a user a privilege that was granted previously with the administration option, the same privilege is also revoked, according to a cascade principle, for all the parties (including their users and roles) that were previously granted the same privilege by the same user;
•    Four-Eyes Option, to specify whether the grantee of the privilege is allowed to use the associated function according to the Two-Eyes or Four-Eyes principle (this attribute is relevant only for privileges related to functions that can be used both according to the Two-Eyes and to the Four-Eyes principle). {T2S.11.362}
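The three grant options and the cascade revocation described above can be modelled as follows. This is an added example, not part of the T2S documentation or its data model. The class, party and privilege names are hypothetical, one grant per privilege and grantee is assumed, and the cascade is applied transitively as an assumption.

```python
from dataclasses import dataclass

ROOT = "system-administrator"  # hypothetical bootstrap grantor, not a T2S name

@dataclass(frozen=True)
class Grant:
    privilege: str
    grantee: str
    grantor: str
    deny: bool = False       # Deny Option
    admin: bool = False      # Administration Option
    four_eyes: bool = False  # Four-Eyes Option

class GrantStore:
    def __init__(self):
        self._grants = {}  # (privilege, grantee) -> Grant; one grant per pair (assumption)

    def grant(self, privilege, grantee, grantor, **options):
        held = self._grants.get((privilege, grantor))
        # Only a holder with the Administration Option (and no deny) may pass it on.
        if grantor != ROOT and not (held and held.admin and not held.deny):
            raise PermissionError(f"{grantor} cannot grant {privilege}")
        self._grants[(privilege, grantee)] = Grant(privilege, grantee, grantor, **options)

    def revoke(self, privilege, grantee):
        """Revoke a grant and cascade to grants made by the revoked grantee.
        Returns the grantees that lost the privilege, in revocation order."""
        revoked, queue = [], [grantee]
        while queue:
            current = queue.pop(0)
            if self._grants.pop((privilege, current), None) is None:
                continue
            revoked.append(current)
            queue.extend(g.grantee for g in self._grants.values()
                         if g.privilege == privilege and g.grantor == current)
        return revoked

    def mode(self, privilege, grantee):
        """None if absent or denied, else the update type the grantee must use."""
        g = self._grants.get((privilege, grantee))
        if g is None or g.deny:
            return None
        return "four-eyes" if g.four_eyes else "two-eyes"

def demo():
    p = "Update Securities Account"  # constructed privilege name
    s = GrantStore()
    s.grant(p, "csd-admin", ROOT, admin=True)
    s.grant(p, "participant-a", "csd-admin", admin=True, four_eyes=True)
    s.grant(p, "user-a1", "participant-a")
    s.grant(p, "participant-b", ROOT)
    return s, s.revoke(p, "csd-admin")
```

Revoking the privilege from `csd-admin` also removes it from `participant-a` and `user-a1`, while `participant-b`, granted independently, keeps it.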

System administrators can grant the available privileges to their Parties, Users and Roles in order to set up their change approval configuration {T2S.16.180}, i.e. the applicable combination of change type (e.g. create, update, delete) {T2S.16.200} and update type (i.e. Two-Eyes mode or Four-Eyes mode) {T2S.16.190} for all the relevant functions and static data objects. {T2S.16.210}

Object privileges, i.e. privileges related to functions that apply to specific static data objects, can be granted:
•    In relation to a single static data “secured” object only (e.g. a single securities account);
•    In relation to a “secured” group of static data objects (e.g. a set of T2S dedicated cash accounts).
For each Object Privilege, the set of object types associated to it is already given by definition, i.e. it is determined by the specific function associated to the Privilege (e.g. the privilege to display a security can only be granted for securities and not for other static data object types).

Attributes
<Primitive Type> String Privilege Name

Name of the privilege.

<Primitive Type> String Privilege Description

Description of the privilege.

<Primitive Type> String Privilege Type

It specifies a classification for the privilege. The exhaustive list of possible values is as follows:
•    System, i.e. the associated function does not apply to a specific static data object type (e.g. a function to query the current phase of the settlement day).
•    Object, i.e. the associated function applies to a specific static data object type (e.g. a function to display securities account).

<Primitive Type> String Function Name

Name of the function associated to the privilege.

<Primitive Type> String Function Technical Identification

It specifies all the data needed in order to identify and to trigger the function, e.g. the type of function (query, report, etc), the type of interaction (push, pull, interactive), the set of required input parameters for the function and so forth.

<<Entity>> <Class> Privilege Party privilege Party

Properties:

Is Abstract: false
Is Active: false
Is Leaf: false
Name: Privilege
Namespace: <Package> Users, Roles and Privileges
Owner: <Package> Users, Roles and Privileges
Package: <Package> Users, Roles and Privileges
Qualified Name: T2S Data Model::Rules and Parameters::Users, Roles and Privileges::Privilege
Stereotype: Entity
Visibility: Public

Attribute details

 Function Name
Public <Primitive Type> String Function Name

Name of the function associated to the privilege.

Constraints:
Properties:

Aggregation: None
Class: <<Entity>> <Class> Privilege
Is Composite: false
Is Derived: false
Is Derived Union: false
Is Leaf: false
Is Ordered: false
Is Read Only: false
Is Static: false
Is Unique: true
Lower: 1
Multiplicity: 1
Name: Function Name
Namespace: <<Entity>> <Class> Privilege
Owner: <<Entity>> <Class> Privilege
Qualified Name: T2S Data Model::Rules and Parameters::Users, Roles and Privileges::Privilege::Function Name
Type: <Primitive Type> String
Upper: 1
Visibility: Public


 Function Technical Identification
Public <Primitive Type> String Function Technical Identification

It specifies all the data needed in order to identify and to trigger the function, e.g. the type of function (query, report, etc), the type of interaction (push, pull, interactive), the set of required input parameters for the function and so forth.

Constraints:
Properties:

Aggregation: None
Class: <<Entity>> <Class> Privilege
Is Composite: false
Is Derived: false
Is Derived Union: false
Is Leaf: false
Is Ordered: false
Is Read Only: false
Is Static: false
Is Unique: true
Lower: 1
Multiplicity: 1
Name: Function Technical Identification
Namespace: <<Entity>> <Class> Privilege
Owner: <<Entity>> <Class> Privilege
Qualified Name: T2S Data Model::Rules and Parameters::Users, Roles and Privileges::Privilege::Function Technical Identification
Type: <Primitive Type> String
Upper: 1
Visibility: Public


 Privilege Description
Public <Primitive Type> String Privilege Description

Description of the privilege.

Constraints:
Properties:

Aggregation: None
Class: <<Entity>> <Class> Privilege
Is Composite: false
Is Derived: false
Is Derived Union: false
Is Leaf: false
Is Ordered: false
Is Read Only: false
Is Static: false
Is Unique: true
Lower: 1
Multiplicity: 1
Name: Privilege Description
Namespace: <<Entity>> <Class> Privilege
Owner: <<Entity>> <Class> Privilege
Qualified Name: T2S Data Model::Rules and Parameters::Users, Roles and Privileges::Privilege::Privilege Description
Type: <Primitive Type> String
Upper: 1
Visibility: Public


 Privilege Name
Public <Primitive Type> String Privilege Name

Name of the privilege.

Constraints:
Properties:

Aggregation: None
Class: <<Entity>> <Class> Privilege
Is Composite: false
Is Derived: false
Is Derived Union: false
Is Leaf: false
Is Ordered: false
Is Read Only: false
Is Static: false
Is Unique: true
Lower: 1
Multiplicity: 1
Name: Privilege Name
Namespace: <<Entity>> <Class> Privilege
Owner: <<Entity>> <Class> Privilege
Qualified Name: T2S Data Model::Rules and Parameters::Users, Roles and Privileges::Privilege::Privilege Name
Type: <Primitive Type> String
Upper: 1
Visibility: Public


 privilege Party
Private <<Entity>> <Class> Privilege Party privilege Party
Constraints:
Properties:

Aggregation: None
Association: <Association> A_privilege Party_privilege
Class: <<Entity>> <Class> Privilege
Is Composite: false
Is Derived: false
Is Derived Union: false
Is Leaf: false
Is Ordered: false
Is Read Only: false
Is Static: false
Is Unique: true
Lower: 0
Lower Value: <Literal Integer> 0
Multiplicity: *
Name: privilege Party
Namespace: <<Entity>> <Class> Privilege
Opposite: <Property> privilege : Privilege
Owner: <<Entity>> <Class> Privilege
Qualified Name: T2S Data Model::Rules and Parameters::Users, Roles and Privileges::Privilege::privilege Party
Type: <<Entity>> <Class> Privilege Party
Upper: *
Upper Value: <Literal Unlimited Natural> *
Visibility: Private


 Privilege Type
Public <Primitive Type> String Privilege Type

It specifies a classification for the privilege. The exhaustive list of possible values is as follows:
•    System, i.e. the associated function does not apply to a specific static data object type (e.g. a function to query the current phase of the settlement day).
•    Object, i.e. the associated function applies to a specific static data object type (e.g. a function to display securities account).

Constraints:
Properties:

Aggregation: None
Class: <<Entity>> <Class> Privilege
Is Composite: false
Is Derived: false
Is Derived Union: false
Is Leaf: false
Is Ordered: false
Is Read Only: false
Is Static: false
Is Unique: true
Lower: 1
Multiplicity: 1
Name: Privilege Type
Namespace: <<Entity>> <Class> Privilege
Owner: <<Entity>> <Class> Privilege
Qualified Name: T2S Data Model::Rules and Parameters::Users, Roles and Privileges::Privilege::Privilege Type
Type: <Primitive Type> String
Upper: 1
Visibility: Public