eMACH-Sigma enables you to assign different roles for the maker, checker and viewer users of an IT and Operations team, thereby enabling the listed maker, checker and viewer users to be assigned with the appropriate accessible roles based on their entitlements. On accessing eMACH-Sigma Studio, the maker, checker and viewer users can respectively create, approve and view the various Studio components to which they are entitled and it is essential that the approval flow should be initiated, so as to enable the approval privileges for the checker user.

The role matrix of the IT and Operations Maker, Checker and Viewer users is provided as follows:

Role Category	Roles	Sigma Studio Privileges	Sigma Application Privileges
IT	IT-OFFICE-MAKER	Can create, edit and delete the following: - Data Connections - Data Sources - Data Source Aggregators - Entitlements (Role Mapping) - Criteria - Criteria Grouping	No access
IT-OFFICE-CHECKER	Can approve or reject the following: - Data Connections - Data Sources - Data Source Aggregators - Entitlements (Role Mapping) - Criteria - Criteria Grouping	No access
IT-OFFICE-VIEWER	Can view the following: - Data Connections - Data Sources - Data Source Aggregators - Entitlements (Role Mapping) - Criteria - Criteria Grouping	No access

Role Category

Roles

Sigma Studio Privileges

Sigma Application Privileges

IT-OFFICE-MAKER

Can create, edit and delete the following:
- Data Connections
- Data Sources
- Data Source Aggregators
- Entitlements (Role Mapping)
- Criteria
- Criteria Grouping

No access

IT-OFFICE-CHECKER

Can approve or reject the following:
- Data Connections
- Data Sources
- Data Source Aggregators
- Entitlements (Role Mapping)
- Criteria
- Criteria Grouping

No access

IT-OFFICE-VIEWER

Can view the following:
- Data Connections
- Data Sources
- Data Source Aggregators
- Entitlements (Role Mapping)
- Criteria
- Criteria Grouping

No access

For eMACH-Sigma Studio that is integrated with the Intellect ARX authentication system, the user roles for the IT and Operations maker, checker and viewer must have been created in the Intellect ARX authentication system.

When you create the IT and Operations maker, checker and viewer users in Intellect ARX, ensure that you select the appropriate User Type, Sub-Type, Entity and Role in the User Creation screen in Intellect ARX.

For the IT and Operations Maker ensure:

User Type must be Bank User
Sub-Type must be Functional User
Entity must be STUDIO
Role must be IT-OFFICE-MAKER

For the IT and Operations Checker ensure:

User Type must be Bank User
Sub-Type must be Functional User
Entity must be STUDIO
Role must be IT-OFFICE-CHECKER

For the IT and Operations Viewer ensure:

User Type must be Bank User
Sub-Type must be Functional User
Entity must be STUDIO
Role must be IT-OFFICE-VIEWER

The appropriate access controls should be provided to these roles in the Access Controls screen in Intellect ARX:

For IT-OFFICE-MAKER, the Role must be IT-OFFICE-MAKER
For IT-OFFICE-CHECKER, the Role must be IT-OFFICE-CHECKER
For IT-OFFICE-VIEWER, the Role must be IT-OFFICE-VIEWER

The System Administrator will approve the user details and the provided access controls will be assigned to the different user roles on the Intellect ARX authentication system.

Once the IT and Operations users with specific user roles are created in Intellect ARX, ensure that you provide appropriate entries in the CT_REQ_MDLR_AUTHFLOW table on the Studio schema.

Apart from data connections, the IT and Operations maker, checker and viewer users can respectively create, approve and view data sources, data source aggregators, role mapping and criteria based on the provided entitlements and user roles in eMACH-Sigma Studio. The IT and Operations maker, checker and viewer users will be able to access only the eMACH-Sigma Studio.

You can even create a standard IT and Operations user in the Intellect ARX authentication system without assigning the checker and viewer roles, thereby ensuring that no approval flow gets involved.
To create a standard IT and Operations user in the Intellect ARX authentication system, ensure:

User Type must be Bank User
Sub-Type must be Functional User
Entity must be STUDIO
Role must be IT-OFFICE-MAKER

The appropriate access controls should be provided to the standard IT-OFFICE-MAKER role in the Access Controls screen on Intellect ARX.

For the standard IT-OFFICE-MAKER, the Role must be IT-OFFICE-MAKER

The standard IT and Operations user can configure data sources, data source aggregators, role mapping and criteria based on the provided entitlements and user roles in eMACH-Sigma Studio. The standard IT and Operations user will be able to access only the eMACH-Sigma Studio Application.

Perform the following step on the Studio schema:

In the CT_REQ_MDLR_AUTHFLOW table, change the type of authentication from noauth to foureye or sixeye and make changes to the AUTH_FLOW column accordingly. A sample entry is provided as follows:

TABLE COLUMN	VALUES
GCIF	CTSTUD2014ENTL
FLOW_CTRL_ID	006
PRODUCT	DATA
SUB_PRODUCT	CONNECTION
CHANNEL_ID	3
APPLICATION_ID	CTSTUDIO
DEFAULT_IND	Y
EVAL_CONDITION	{ condition : [ { id : equals , field : $context.authflow value : true } ] }
EVAL_ORDER	1
STOP_PROCESS_IND	FALSE
RESPECT_HIER_IND	FALSE
TYPE	foureye
AUTH_FLOW	{ authflow : [ { tier : [ { type : INTEGER, min : 10, max : 100, workflow : { type : foureye , flow : { completed : false } } }, { type : INTEGER, min : 100, max : 1000, workflow : { type : sixeye , flow : { completed : false } } }, { type : INTEGER, min : 1000, max : 10000, workflow : { type : tree , flow : { condition : OR , completed : false, flow : [ { role : A , count : 1, completed : false }, { role : B , count : 2, completed : false }, { role : D , count : 1, completed : false }, ] }, { completed : false, flow : [ { role : A , count : 1, completed : false }, { role : C , count : 1, completed : false }, { role : D, count : 1, completed : false } ] }, { completed : false, flow : [ { role : X , count : 1, completed : false }, { role : Y , count : 1, completed : false } ] }, { role : E , count : 1, completed : false } ] } } } ] } ] }

Refer the following pages for detailed information on the usage of IT and Operations maker, checker and viewer roles in eMACH-Sigma Studio:

Browser not supported