Authorization management module

Three reasons for the implementation:

• Everyone can access only the data they need and only when they need it for their work
• Easier audit and internal control
• Using data protection and this module, access and management of digital assets customized to your business needs can be realized

Areas of business use

It is a basic need for all organizations to manage authorizations related to each different role. Our system’s authorization management module can cater for all organizational needs as it can define authorization on the level of data, activities, or documents.

Our solution effectively supports business needs, ensuring:

• that those who process administrative procedures could only access, edit, and modify data related to their role. While minimalizing error possibilities, we support users.
• that participants of an audit would be allowed to view data and information within their roles in order to complete their task.
• that those in executive roles have access to reports and information they need for decision-making and for managing and controlling activities.
• that in compliance with data protection requirements, the module can ensure data management as well as access to digital assets customized for business needs.

Authorization roles

Possible settings for a given role:

• Access to current contracts
• Access to documents registered for complaints
• Access to the Search and report module
• Definition of the person registering a case or starting a report
• Authorization for recording an invoice with large value
• Authorization to generate a credit contract
• Definition of registration access
• Right to define allowance related to work contracts
• Access to special documents despite not being authorized for it in the general role-based authorization system

Features of authorization settings

• An unlimited number of roles can be created in Andoc
• One user can have multiple roles
• There is a special authorization search in the system for easy examination of authorization and search
• Roles can be copied
• The system operates on a forbidding principle, that is, users can complete only activities they are authorized to
• Authorization settings are fully logged
• Digital signature certificates can be set to users
• An unlimited number of descriptive fields (user variables) can be assigned to users.

Authorization management and authentication

Single Sign-On authentication is supported for both thin and thick clients as well as for Outlook Addin. The system also supports the identification of users coming from outside the AD and is able to provide authentication for these users with a username and password. The system also supports mixed, partly AD and partly non-AD authentication.

Parameterizing the user module

• The module supports the storage of user characteristics based on a unique structure that can be parameterized
• Based on their assignment to the login name, the stored data can be automatically inserted into a form
• Password strength can be set adapting to the particular corporate requirements
• Individual, digital certificates can be assigned to each user promoting the use of high security signatures