505 Multi-Company/Syndicate Security

505 Multi-Company/Syndicate Security

505 Multi-Company/Syndicate Security

Distribution: / XGIS
IUG
Reference: / Q:\Lmd\Development\300070041-MultiCompanySyndicateSecurity-IUG\02 Specification\IUG-300070041-MultiCompanySyndicateSecurity-Functional.01.doc
Author: / Tim Herbert
Applicability: / Product
Customers / IRIS 9.15
IUG
Global Insurance Solutions Ref / 300070041
SAP Network ID / P-IRGRP060
IUG Reference: / 505
Version: / 01
Revision Date: / 22/08/2005
Authorised by: / ______/ Projects Manager / Date: / / /

© Xchanging Global Insurance Solutions Ltd. 2004

All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior permission of Xchanging Global Insurance Solutions Limited (XGIS).

This document contains information which is confidential and of value to Xchanging Global Insurance Solutions Ltd. It may be used only for the agreed purpose for which it has been provided. Written consent is required before any part is reproduced.

Note: This document is submitted to the IRIS User Group solely for informational purposes and shall not be deemed or construed to be a contract or agreement binding on Xchanging Global Insurance Solutions Ltd. Only signed hard copies and electronic masters of documents will be controlled. Any other copy may not be current.

Trademark Information

Company, product, or brand names mentioned in this document, may be the trademarks of their owners.

1.  Amendment History

Reason / Date / New Reference
Version 1 / 22/08/2005 / Q:\Lmd\Development\300070041-MultiCompanySyndicateSecurity-IUG\02 Specification\IUG-300070041-MultiCompanySyndicateSecurity-Functional.01.doc

Contents

1. Amendment History 2

2. Introduction 4

2.1 High Level Business Overview 4

2.2 Background 4

2.3 Scope 4

2.4 Outside Scope 5

2.5 Acceptance Criteria 5

3. Functional Design 6

3.1 Summary 6

Defining Security Indices 7

3.1.1 Adding an Indexed Field 8

3.1.2 Field Value Partitions 11

3.2 Configuring Syndicate Groups 12

3.3 Index Rebuild 12

3.4 Configuring Policy/Syndicate Level Restrictions 13

3.4.1 Policy Level Restrictions 14

3.5 Adding Field-Level Security 15

3.5.1 Endorsed policies and multi-sectional Policies 19

3.6 Policy Action Security Settings 21

3.6.1 Live Policy Actions 21

3.6.2 Declinature Actions 21

3.6.3 Memo Actions 21

3.6.4 Skeleton Policy Actions 21

3.6.5 Promise Actions 21

3.6.6 Quote Actions 21

3.7 Changes to the Policy Selection Dialog 22

3.8 Additional Closings Security Settings 22

3.9 Changes to the IRIS Superquery functions 22

3.10 System Administration Print Facility 23

4. Example Scenario 25

4.1 Basic Company Code Example 25

5. Unit Test plan 26

6. Costing 28

2.  Introduction

2.1  High Level Business Overview

2.2  Background

These enhancements were identified by XGIS and agreed by the IUG.

The original description for the enhancement is as follows:

Introduce additional security into IRIS at the following levels for users/roles:

1. Ability to restrict access to data via code information. e.g. allows users to only have access to specific company codes (either NONE, READ or UPDATE). If a user doesn’t have any access to a specific company's business then the enquiries should automatically exclude data relating to that company from enquiries run by that user. This could equally well be syndicate code or some other coded piece of information on a risk.

2. Ability to restrict the use of product codes (e.g. so a user only sees the product codes that they are allowed to use)

3. Ability to restrict access at the inwards/outwards level (e.g. grant a user update access to inwards policies but only view access of outwards policies)

4. Restrict users so they can get into Skeleton Input, but not into Policy Input (e.g. add security down to the 'Entry Type' and 'Action' level)

5. Restrict Closings authorisation by user.

2.3  Scope

This enhancement will involve changes to the following areas of the IRIS system:

·  System Administration Utility – will be used to configure the additional security options

·  IRIS Input functions – will prevent objects from being edited or viewed according to the new security rules in place. They will also prevent the user from saving changes to an object that would cause a conflict with the new security rules.

·  IRIS Enquiry functions – only records where the user has sufficient security access will be displayed.

·  Superquery functions – when a security restriction is placed on a field, the superquery function for that field will be filtered to any allow selection of allowed values.

·  Policy Selection Dialog – when creating a new policy, the product codes available to the user will be restricted to those allowed by the enhanced security system. The selected action (eg. ‘New’ / ‘Copy’) and entry type (eg. ‘Policy’ / ‘Quote’) will be validated against the new security rules.

·  Closings – Additional security settings will be added to the actions that can be performed against a pending closing (e.g., ‘Authorise’, ‘Delete’, etc.)

2.4  Outside Scope

The IRIS reporting system will not take into account restrictions applied to individual users. An administrator, when preparing the report definitions that the user will eventually run should take the security issues into consideration when designing the report, and add fixed criteria manually. Forcing these additional restrictions into the queries run for every report will adversely affect the performance of the reporting system. This restriction will also apply to the user-defined enquiries made possible using the Enquiries Designer system (SN 300068510).

2.5  Acceptance Criteria

All the above requirements are implemented.

3.  Functional Design

3.1  Summary

The System Administration Utility will allow permissions given to a user (or all users assigned to a given role) to be dependent on properties of a policy object being accessed.

When the access to a function depends on policy detail fields, IRIS will maintain a security index within the database, allowing the security to be tested efficiently throughout IRIS. Certain details pertaining to a policy (such as product code, direction and underwriting type) will always be available without an index being maintained. IRIS will allow a maximum of eight indexes to be created.

It will also be possible to define groups of values (partitions) for reference fields, minimizing the amount of work that IRIS has to perform when accessing restricted functions. For example:

·  Marine and non-marine class codes

·  Groups of territories

Field-level security will be defined at data-environment level, since the restrictions themselves will depend on the data available within the environment. In order to assist the system administrator in configuring field-level security restrictions, a codes transfer operation would need to be performed.

In addition to policy fields, it will be possible to group together sets of syndicate codes within the System Administration Function. The existence of a syndicate line attached to a policy will also be able to be used to control a permission or access level.

Defining Security Indices

A new option will be available when configuring a data environment within the System Administration Utility. This will allow the system administrator to specify policy fields that they want to use to restrict certain functions.

Figure 01 Screen Sample: Security Field Indices

The ‘Security Field Indices’ button will only be enabled when the system administrator is logged on to the selected environment (since the System Administration Utility needs to access the IRIS database). If the button is pressed before a codes transfer has been performed for the environment, an error message will be displayed.

Otherwise, when this option is selected, a new screen will be displayed. This will list fields currently indexed, allow additional fields to be indexed, allow fields to be removed, and allow field values to be partitioned.

Figure 02 Screen Sample: Indexed Field List

3.1.1  Adding an Indexed Field

This screen will allow the system administrator to choose a new field to be indexed. A list of available fields will be displayed, and a find option will allow the user to search for a specific field.

Figure 03 Screen Sample: Adding Indexed Field

It will be possible to create security indexes for the following fields:

Strictly Private & Confidential Page 28 of 28

Global Insurance Solutions Version 01

Printed 12/09/05

Ref Q:\Lmd\Development\300070041-MultiCompanySyndicateSecurity-IUG\02 Specification\IUG-300070041-MultiCompanySyndicateSecurity-Functional.01.doc

505 Multi-Company/Syndicate Security

Field / Description /
POLBR1 / Account Source
POSBC1 / Account Source Sub Account
POACIN / Accrual Class Code Indicator
POADFL / Adjustable flag
POBDFQ / Bordereaux Required?
POBHCD / Branch
POSYC2 / Bureau 2 char ID code
POBOLD / Bureau Leader
POCCCD / Ceding Company
POCKBY / Checked By
POCBCD / Class
POQGSS / Commutation Status
POCSCD / Company Master
POCSSX / Company Master Suffix
POCDCD / Conditions
POKXCD / Construction Class
POAACV / Country
POCYCD / Country
POCRCD / Coverage
PODPCD / Department
PODPDV / Department Division
PODFCI / Differing Conditions Flag
PODNCD / Dimension
POQDFG / Direct/Reinsurance
PODMCD / Domicile
PODICD / DTI
POECFG / ECO Flag
POEEFG / EEC Indicator
POEZFG / EML Flag
POETCD / Event
POELCD / Exclusions
POXXCD / Exposure
POGUCD / Group ID Code
POIPCD / Incident or Peril
POIXTY / Index Type
POIZCO / Intermediary Company
POIZLQ / Intermediary Company Location
POIZTA / Intermediary Territory
POIPTF / IPT flag
POJRCD / Jurisdiction
POLDCD / Leader(Coded)
POLMCD / Limit
POCLFG / Limit Co-insurance Applied
POLYCD / List
POLQCD / Location
POLOPE / Loss Period
POMPCD / Major Peril
POTJCD / Major Trade
POMKCD / Market
POBCAP / No Claims Bonus Applied
POBCCU / No Claims Bonus Currency
PONOTI / Notice Indicator
PONRPD / Notice Renewal Period
POOXID / Operator ID
POLWCU / Orig Loss Warranty Ccy
POOGCD / Origin
POLBR2 / Originating Broker
POSBC2 / Originating Broker Sub Account
POQOSS / Out Mode Status
POUTFG / Out Res Track Flag
POPDFL / Paid Flag
POPLCD / Placing
POBSPI / POBSPI
POPC01 / Policy Code Number 1
POPC10 / Policy Code Number 10
POPC11 / Policy Code Number 11
POPC12 / Policy Code Number 12
POPC13 / Policy Code Number 13
POPC14 / Policy Code Number 14
POPC15 / Policy Code Number 15
POPC16 / Policy Code Number 16
POPC17 / Policy Code Number 17
POPC18 / Policy Code Number 18
POPC19 / Policy Code Number 19
POPC02 / Policy Code Number 2
POPC20 / Policy Code Number 20
POPC03 / Policy Code Number 3
POPC04 / Policy Code Number 4
POPC05 / Policy Code Number 5
POPC06 / Policy Code Number 6
POPC07 / Policy Code Number 7
POPC08 / Policy Code Number 8
POPC09 / Policy Code Number 9
POPTCD / Policy Type Code
POBNTY / Prem Calc Method
POCPFG / Premium Co-insurance Applied
POCPAP / Profit Commission Applied
POCPCU / Profit Commission Currency
POZJCD / Project
PONPCD / Property ID
POQPMS / QPM Status
PORICD / R/I
PORAFL / R/I Attached Flag
PORITY / R/I Type
PORLF1 / Rate On Line Override Flag 1
PORLF2 / Rate On Line Override Flag 2
PORLF3 / Rate On Line Override Flag 3
PORLF4 / Rate On Line Override Flag 4
PORLF5 / Rate On Line Override Flag 5
PORBCD / Rating Basis
POZZFG / Reciprocal Flag
PODRUT / Reject Bureau Transaction Flag
PORWFG / Renewal Indicator
PORWTY / Renewal Type
PORRCD / Retro
PORRFP / Retro Complete Flag
PORRID / Retro ID
POGKCD / Risk Grade
POSQNO / Serial Number
POLBRC / Source
POSECD / Section
POSOCD / Source Of Business
POZQCD / Special Clause
POZMCD / Stamp
POZICD / Standard R/I
POSSCD / Status
POZLFG / Stop Loss Flag
POSBCD / Sub Account
POSXCD / Syndicate Code
POTQPT / Taken up QPM Type
POTACD / Territory
POTDCD / Trade
POUWCD / Underwriter
POUGCN / Underwriting Control
POULLB / Unlimited Liability Flag
POUSTF / Us Trust Fund
POVACD / VAT
POWHCD / Whole A/C
POWHOR / Whole/Order Indicator
POWRFL / Wording Flag
POWGFG / Wording Indicator
POWSID / Workstation ID
POWTFL / Written Transaction Flag
POUXFG / XSL On Outward Flag

Strictly Private & Confidential Page 28 of 28

Global Insurance Solutions Version 01

Printed 12/09/05

Ref Q:\Lmd\Development\300070041-MultiCompanySyndicateSecurity-IUG\02 Specification\IUG-300070041-MultiCompanySyndicateSecurity-Functional.01.doc

505 Multi-Company/Syndicate Security

The following fields are contained within the policy header record, and will be available to the extended security system without specifying that a security index be built. It will however be possible to build an index over these fields (for the purposes of simplifying the rules applied to individual security permissions):

Strictly Private & Confidential Page 28 of 28

Global Insurance Solutions Version 01

Printed 12/09/05

Ref Q:\Lmd\Development\300070041-MultiCompanySyndicateSecurity-IUG\02 Specification\IUG-300070041-MultiCompanySyndicateSecurity-Functional.01.doc

505 Multi-Company/Syndicate Security

Field / Description /
PHT6CD / 1 Char Reference
PHR011 / 1 Char Reference
PHR061 / 6 Char Reference
PHCOCD / Company
PHDANO / Declaration Number
PHIWFG / Inwards/Outwards Flag
PHLECD / Ledger
PHNUCD / NTU Reason
PHUSRF / Our Reference
PHPKNO / Package Number
PHPDCD / Policy Description
PHPONO / Policy No
PHPOSQ / Policy Sequence
PHPOTY / Policy Type (Q/F)
PHP#CD / Product
PHP#CM / Product Code of Master
PHPMCD / Programme Code
PHQPMY / QPM U/W Year
PHQPMU / QPM Unique Number
PHQEDT / Quote Expiry Date
PHQEDY / Quote Expiry Days
PHT2CD / Risk Sub type
PHT1CD / Risk Type
PHTICD / TRIA Code
PHUGYR / U/W Year
PHUGTY / Underwriting Type
PHRFNO / Unique Ref Number

Strictly Private & Confidential Page 28 of 28

Global Insurance Solutions Version 01

Printed 12/09/05

Ref Q:\Lmd\Development\300070041-MultiCompanySyndicateSecurity-IUG\02 Specification\IUG-300070041-MultiCompanySyndicateSecurity-Functional.01.doc

505 Multi-Company/Syndicate Security

3.1.2  Field Value Partitions

Field value partitions will allow groups of related field values to be grouped together for the purposes of restricting user access. Carefully selected partitions will give the following benefits: