Security Management in T24 Core Banking
- Josef Mayrhofer
- 13 minutes ago
- 3 min read
Security Management System in T24 deals with aspects like:
Who can log in to T24?
How can they log in?
When can they log in?
What can they do after login?
How long can they be active?
A specialized application called USER is designed to answer all the above questions. Let's get into the USER application's main fields and functionality.
USER NAME: Actual user name who is using the T24
SIGN ON NAME: This is the screen login name.
For example, ‘RAKESH N’ is the USER NAME of the person using the T24 application with SIGN ON NAME as ‘’RAKESH01’. In this case, RAKESH01 will be used to log in to T24.
START DATE PROFILE: The Date on which the profile will be active. Should not be less than TODAY’s date
END DATE PROFILE: The Date the T24 user profile will be inactive. After this date, the USER won’t be able to log in.
START TIME and END TIME : Time between which the T24 USER can log in. This can be multiple time intervals. All users should opt to stop all the inactive users in T24 and for USER management.
TIMEOUT MINUTES: This is the time after which the USER will automatically be logged out. This is also another necessary step for USER management.
ATTEMPTS: The USER is given several attempts to log in with correct credentials. After which the USER will be locked. We can use PASSWORD.RESET to unlock the USER.
APPLICATION: Which Application can this particular user use? If ALL.PG is specified, and the user can access all applications.
FUNCTION: Functions like INPUT, AUTHORIZE, DELETE, REVERSE , SEE, and VIEW can be specified for the user. The user is only able to perform those functions.
Function | Definition |
A | Authorize |
2 | 2nd Level Authorization |
B | Background Valid |
C | Copy |
D | Delete |
E | Exception |
H | History Restore |
I | Input |
L | List |
P | |
Q | Auditor Review |
R | Reverse |
S | See |
V | Verify |
F | Fast Input |
OVERRIDE.CALSS : Permission by the user to override any message is defined in this field.
ATTRIBUTES: User for specific browser functionality. Usually COMMAND.LINE and SUPER.USER is allowed for most of the internal resources.
COMMAND.LINE | The user is allowed the use of the command line in the T24 Browser. |
DEV.STUDIO | Reserved for future use. |
EXPLORER | Allows the user to use the Application explorers |
LOCK.DEACTIVATION | Prevents USER access to the User Deactivation listed in the Tools dropdown list. |
LOCK.DESIGNERS | Prevents USER access to the listed Designer Tools drop-down list. |
LOCK.MISC.ITEMS | It will bring up a Security Violation when the User Abbreviations Toolbar, Enquiry, and Report lists are used. |
LOCK.PREFERANCES | Prevents USER access to the User Preferences listed in the Tools dropdown list. |
NO.ENQUIRY.EXPORT | Prevents USER Exporting Enquiry data from an Enquiry screen; the icon will be dimmed and non-reactive. |
ENQUIRY.INDEX | Allows access to the enquiry index |
REALTIMEENQUIRY | Allows the use of real-time enquiries for this user. |
LOCK.PREFERENCES | If the user is given this option, then the ‘User Preferences’ option under the ‘Tools’ menu on the Desktop toolbar will be disabled. |
SUPER.USER | The user has access to all of the features detailed above and for all future functionality with the exception of REALTIMEENQUIRY. |
Enhanced Features in USER application:
USER.SMS.GROUP: Instead of defining APPLICATION and FUNCTION separately, both can be defined in USER.SMS.GROUP application and that ID can be attached to the APPLICATION field. It’s like one arrow and two birds.
ACTIVITY LOGGING: To track USER behavior and activities, we record data in these fields.
SIGN.ON.OFF | Signing on and off |
SECURITY.MGMT.L | running an SMS application |
APPLICATION.LOG | running any application |
FUNCTION.ID.LOG | entering a function and record id |
USER.PASSWORD: After the USER is set up, this application needs to be set up to create and maintain the passwords.
SPF> SYSTEM: PASS fields are available to define password-related restrictions.
PASSWORD.RESET: Reactivate the inactive users and reset passwords
USER management is crucial for CPU utilization as well. In some instances, many users are given access to UAT/PROD with access to all the APPLICATION and FUNCTIONS. Any unnecessary logins and ENQUIRY run will take most of the CPU time. When it comes to financial data. It’s better to opt 2nd second-level authorization for their applications.
Keep up the great work! Happy Performance Engineering!
Comments