5 Access Control for Audit Information

OBAPI provides a mechanism for maintaining an audit trail of the transactions and activities performed by its users in the system.

This audit trail is expected to be used for customer support and dispute handling. It can also be used for generating management reports related to feature usage statistics and similar data.

From a data protection perspective, it is worth noting that the audit trail contains PII data in the form of transactional data as well as usage trends or statistics. Hence it is necessary for the Bank to put in place appropriate access control mechanisms so that only authorized Bank employees get access to this data. OBAPI provides a comprehensive access control mechanism that the Bank can leverage to achieve this.

This access control can be achieved using role-based transaction mapping. This section focuses specifically on the data protection aspect. You are requested to go through the user manual for ‘Role Transaction Mapping’ before reading further in this section. As an example, we have considered a use case where the Bank wants to restrict access to the ‘Audit Log’ feature so that only a permitted set of administration users is able to access the audit of the users. Please note that the same process can be applied to other services that deal with PII data. For example, the same process can be used for restricting access to user management functions.

Check the ‘out of box’ access granted

There are two ways to check the Audit Information:

  • Maintenance
  • Utilization

Maintenance (Performed by system admin)

  1. Log in using Authadmin credentials.
  2. Go to the Role Transaction Mapping tab.
  3. Find the application role named “AuditAdmin” or “AuthAdmin”.
  4. Click AuditAdmin and click the edit symbol as shown.
  5. Assign the module name “Admin Maintenance” and check “Internet”.
  6. Under Admin Maintenance, give the role access to the module named Audit Log and click Save.
  7. Click Submit.

Utilization

  1. Go to User Management.
  2. Click Create user.
  3. Select Administrator.
  4. Fill in the necessary details.
  5. Select AuditAdmin or AuthAdmin as the application role.
  6. Click Submit.
  7. Log in as the newly created user.
  8. The user can access the audit log.