4.4.12. Access Control:
1. To grant the author of any data the right to change that data and to grant other users further down the hierarchy such rights.
2. To note that the application owner will own all schemes but may assign the right to make certain changes to an MGA or lower authority.
3. To provide a flag for each option that is exclusively set by the application owner to assign change rights to an MGA or other authority. By default, when a new scheme is cloned from an existing scheme, all data is exclusively owned by the application owner. Where the application owner chooses to assign certain change rights to an MGA, then the option is marked as being changeable.

Authors Rights:
1. To acknowledge International copyright laws that state the author of any information is the copyright holder of that information without any other registration.   Common and Civil laws state that where an employee is paid to create information then the employer is the copyright holder, but the employee retains Authors Rights to be identified as the original author.
2. To follow this simple policy that the user who creates any data is the owner of that data and has authors rights to be identified as the author of that data.   The author of data may enable data to be shared with other people who are further down the hierarchy and all data is shared by people who are further up the hierarchy.   The whole point of the hierarchy is to manage the flow of management information up the hierarchy.

Access Control Policy:
A hierarchical organization structure is defined that manages data access control.
1. The application owner is the only user who can see all sites and can add a new site.   The application owner will add new schemes and will assign schemes to each MGA - each scheme is owned by the application owner.
2. Each MGA user can (only) see their own departments and can add a new department.   An MGA user is not aware that any other MGA exists.   Each MGA will use the schemes that they are assigned by the application owner.
3. Each MGA user can only see their own users and can add a new user or a new Agent.
4. Each authorized person can only see their own clients and is not aware that any other authorized person exists. Each authorized person will use the scheme that they are assigned by their MGA owner. Each authorized person will create client, vessel/vehicle/aircraft and cover data that is shared by their MGA. All data is shared with the application owner.
5. Each scheme is owned by the application owner and is created for one and only one MGA. For an MGA to be able to change a scheme, they must have exclusive access to that scheme.
6. Each risk is created by one broker using one scheme for one MGA. A risk cannot be migrated to another MGA, cannot have its scheme changed and cannot be assigned to a different broker. Authors rights demand that the broker who originates any risk is always acknowledged as its author.

Data Access Control:
1. To grant people the right to process data belonging to their own department; they cannot see (data belonging to) any other department.
2. To enable an MGA manager to process data belonging to all departments within their MGA but will not see any other MGA or Owner data.
3. To enable an Owner manager to process data belonging to all departments within their Company but will not see any other Owner or MGA data.
4. To enable the owner to process data belonging to all MGA and all Owners. Data entered by the owner cannot be viewed by any other user, unless expressly granted read-only status.

Function Access Control:
1. To assign each person authorized to sign in with one and only one assigned role - this role can never exceed the role of the person granting permission for a user to sign in.
2. To enable a person's role to dictate the menu system of functions they can view and use.
3. To ensure an MGA person will never see any Owner's menu functions and an Owner will never see any MGA-specific menu functions.
4. To provide the owner with a unique set of menu functions that will never be seen by any other user.
5. To ensure that if a user got access to an insurer's function it would serve no purpose: as they have not entered any insurer's data, they could not see any data.

Access Control:
1. To ensure that data access control is inherently secure as a member of one department cannot see data belonging to another department.
2. To enable departments to exist to provide data security - people within a department are a team working with the same data.
3. To ensure that if one person needs data privacy then they need to be a unique department where they own their own data.
4. To provide a management organizational structure to aggregate and consolidate management information from all parts of the structure below them.
5. To ensure data access control (data ownership) always takes priority over function access control (menu).
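
The Data Access Control and Function Access Control rules above can be sketched as a small model. This is an added example, not code from the application described here; the `Role` ranking, the class names and the function names are all assumptions made for illustration, and only the application owner, MGA and department tiers are modelled.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import Optional

class Role(IntEnum):              # assumed numeric ranking of the page's tiers
    USER = 1                      # works inside one department
    MGA_MANAGER = 2               # all departments within one MGA
    APP_OWNER = 3                 # application owner, above every MGA

@dataclass(frozen=True)
class User:
    name: str
    role: Role
    mga: Optional[str] = None     # None for the application owner
    dept: Optional[str] = None    # None above department level

@dataclass(frozen=True)
class Record:
    author: str                   # creator stays identified as the author
    mga: Optional[str]            # None marks data entered by the application owner
    dept: Optional[str]
    read_only_for: frozenset = frozenset()   # express read-only grants

def can_view(user: User, rec: Record) -> bool:
    if user.role is Role.APP_OWNER:
        return True                           # owner sees data of every MGA
    if rec.mga is None:                       # owner-entered data
        return user.name in rec.read_only_for
    if user.mga != rec.mga:
        return False                          # other MGAs are invisible
    return user.role is Role.MGA_MANAGER or user.dept == rec.dept

def can_process(user: User, rec: Record) -> bool:
    # A read-only grant gives sight of the data but never the right to process it.
    return can_view(user, rec) and user.name not in rec.read_only_for

def add_user(granter: User, name: str, role: Role,
             mga: str, dept: Optional[str]) -> User:
    if role > granter.role:
        raise PermissionError("role exceeds that of the granting user")
    if granter.role is not Role.APP_OWNER and granter.mga != mga:
        raise PermissionError("cannot add users outside own MGA")
    return User(name, role, mga, dept)

def records_for(user: User, records: list) -> list:
    # Applied inside every function, whatever the menu shows: data access
    # control decides the result, so a mis-exposed function returns nothing.
    return [r for r in records if can_view(user, r)]
```
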

Document Control:
1. Document Title: Access Control.
2. Reference: 164412.
3. Keywords: Access Control.
4. Description: Access Control.
5. Privacy: Public education service as a benefit to humanity.
6. Issued: 24 Oct 2017.
7. Edition: 1.4.