User management

SEPA Payment Suite offers flexible administration: rights to access functions and data are granted via the GUI and take effect immediately. Management of users within the application includes:

  • creating, amending and deleting users;

  • re-generating passwords;

  • activating or suspending users.

In addition to the generic data linked to user management (login, password, name and details, etc.) SEPA Payment Suite users are also linked to:

  • one or several groups, each group corresponding to a list of profiles defining the user’s GUI rights;

  • one distributor or creditor entity: this link defines the user’s authorizations in terms of SCIs and Business Codes.

If the user is a technical user, the administration page displays a pop-up warning before operations such as delete, suspend or regenerate password are carried out, so that the administrator is aware of the impact, e.g. “Warning: Technical user. This operation could block operations from the organisation”.

Password policy

SEPA Payment Suite implements the rules for password creation as recommended by OWASP. The password should follow the rules as mentioned below:

The password should contain at least:

  • One lowercase character from the character set [a-z]. e.g. PASSTEST_1 will be invalid as it is without a lowercase character.

  • One uppercase character from the character set [A-Z]. e.g. passtest_1 will be invalid as it is without an uppercase character.

  • One digit from the set [0-9]. e.g. pass@TEST will be invalid as it is without a digit.

  • One special character from the character set [!@#$%^&*_+=?;.-]. e.g. passTEST1 will be invalid as it is without a special character.

The password should be of minimum 15 characters and maximum 20 characters. e.g. paTE@1 will be invalid as it is of 6 characters.

The following examples show valid passwords:

  • passTest@1

  • PASStest_123

  • pass@TEST_0

OWASP reference
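As an added example (not part of the SEPA Payment Suite documentation or product code), the following Python validator applies the rules listed above and reports every rule a candidate password breaks. It enforces the stated 15 to 20 character length bound, so the shorter passwords listed as valid above are rejected by it; the sample passwords in the block are constructed for illustration.

```python
import re

# Character classes exactly as listed in the password policy above.
LOWER = re.compile(r"[a-z]")
UPPER = re.compile(r"[A-Z]")
DIGIT = re.compile(r"[0-9]")
SPECIAL = re.compile(r"[!@#$%^&*_+=?;.-]")  # '^' and '-' are literal here
MIN_LEN, MAX_LEN = 15, 20


def password_violations(password: str) -> list[str]:
    """Return the policy rules the password breaks (empty list if it complies).

    All rules are checked, not just the first failing one, so a user can be
    told everything that needs fixing in a single round trip.
    """
    problems = []
    if not MIN_LEN <= len(password) <= MAX_LEN:
        problems.append(f"length {len(password)} not in {MIN_LEN}-{MAX_LEN}")
    if not LOWER.search(password):
        problems.append("no lowercase character")
    if not UPPER.search(password):
        problems.append("no uppercase character")
    if not DIGIT.search(password):
        problems.append("no digit")
    if not SPECIAL.search(password):
        problems.append("no special character")
    return problems


def is_valid_password(password: str) -> bool:
    """True when the password satisfies every rule of the policy."""
    return not password_violations(password)


if __name__ == "__main__":
    # Constructed samples: the invalid ones from the policy text plus two
    # that satisfy every rule, and one that exceeds the maximum length.
    samples = [
        "PASSTEST_1", "passtest_1", "pass@TEST", "passTEST1", "paTE@1",
        "passTest@1abcde", "passTest@1Example23", "passTest@1abcde123456",
    ]
    for candidate in samples:
        verdict = password_violations(candidate) or ["OK"]
        print(f"{candidate!r:28} -> {', '.join(verdict)}")
```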

Group concept: management of access rights

Each profile making up a group corresponds to a set of roles that allow a given function within the application to be carried out.

Unlike the groups, which can be defined by the administrator via the GUI, the application roles and profiles are not configurable.

The diagram below shows the creation of groups using a non-exhaustive collection of SEPA Payment Suite roles and profiles:

Picture 13: Example of group management

Authorizations concept: linking to internal data structures

Linking a user to a distributor entity gives him authorization to access all SCIs and Business Codes for the creditor structures to which he is linked. In the same way, linking a user to a company entity gives him authorization to handle all SCIs and Business Codes linked to said entity.

From then on, the data (SEPA flows, mandates) displayed on the SEPA Payment Suite screen are dependent on these authorizations: a given user can only view the SCIs and Business Codes for which he is authorized through his link. This rule prevails across all the SEPA Payment Suite screens.