Open francis-pouatcha opened 2 weeks ago
Here's the structure I found. Before continuing, I wanted it to be validated by the team.
```mermaid
erDiagram
    ManagerAccess {
        Long id
        String scope
        double weight
        String status
        Long seniorManagerAccessId
    }
    SeniorManagerAccess {
        Long id
        String name
    }
    HolderAccess {
        Long id
        String name
    }
    AgentAccess {
        Long id
        String name
    }
    AuditorAccess {
        Long id
        String name
    }
    PoAAccess {
        Long id
        String name
    }
    ManagerAccess ||--o{ SeniorManagerAccess : "supervised by"
    ManagerAccess ||--o{ HolderAccess : "granted by"
    ManagerAccess ||--o{ AgentAccess : "manages"
    ManagerAccess ||--o{ AuditorAccess : "manages"
    ManagerAccess ||--o{ PoAAccess : "manages"
```
Entity: ManagerAccess
Overview:
`ManagerAccess` is an essential entity in the bank account access management model, responsible for managing access to the account. This role grants specific individuals or entities (typically managers within an organization or a legal representative) the ability to manage permissions and access levels for other users. While the `ManagerAccess` entity allows for extensive control over who can interact with the account, it may not grant direct operational control over the account itself, depending on the defined permissions.
Key Characteristics:
Access Control Management:
`ManagerAccess` is to manage the roles and permissions of other individuals or entities that require access to the account.
`AgentAccess`, `AuditorAccess`, and `PoAAccess`, ensuring that the appropriate users have the required level of access.
`ManagerAccess` users typically operate within the scope defined by the `SeniorManagerAccess`, who oversees their actions.
Delegated Access:
`ManagerAccess` are delegated authority by a `SeniorManagerAccess` user.
Permission Management:
`ManagerAccess` users have the capability to:
`AgentAccess`, `AuditorAccess`, or create new access based on Power of Attorney (`PoAAccess`).
Operational Limitations:
`ManagerAccess` is primarily focused on managing access permissions, the user with this role may have restricted direct interaction with the account, depending on the access configuration.
`scope` of the manager's access includes these permissions.
`scope` field of the `ManagerAccess` entity allows fine-grained control over what a manager can or cannot do.
Scope of Permissions:
`scope` field defines the specific actions the `ManagerAccess` user is permitted to perform. These may include:
`scope` is critical for customizing each manager's responsibilities and ensuring that no excess permissions are granted.
Weight:
`weight` attribute determines the extent of control a `ManagerAccess` user has. For instance:
Status:
`ManagerAccess` can have different statuses:
`ManagerAccess` can be dynamically adjusted based on organizational needs and security requirements.
Accountability and Logging:
`ManagerAccess` is logged to maintain a robust audit trail. This includes:
Example Workflow for ManagerAccess:
Granting Access to an Auditor:
`ManagerAccess` user identifies the need to provide an external auditor with read-only access to a bank account.
`AuditorAccess` entry, specifying the `scope` as read-only and limiting access to account details but not permissions or transaction initiation.
Modifying Access for an Agent:
`ManagerAccess` user creates an `AgentAccess` entity, granting the agent the ability to perform transactions on behalf of the account holder.
Suspending Access:
`PoAAccess` for a legal representative who no longer needs access to the account.
Role in the Organizational Hierarchy:
`ManagerAccess` represents a middle-tier authority. They are empowered to manage account access but are still subordinate to the account holder (`HolderAccess`) or a `SeniorManagerAccess` user.
`ManagerAccess` users provide flexibility by enabling dynamic control over access without requiring constant input from senior-level management or the account holder. This delegation of authority is critical for efficient account management, especially in large organizations or teams.
Key Considerations for ManagerAccess:
`ManagerAccess` does not overlap too much with operational control (e.g., making transactions). Clear separation of duties reduces the risk of internal fraud or unauthorized access.
`scope` field allows the manager’s access to be customized based on the specific needs of the account or organization. This flexibility ensures that different managers can be given different levels of responsibility depending on their role.
`ManagerAccess` need to operate within defined security policies. Changes to access should always be logged and subject to review, ensuring that permissions are only granted to those who require them.
Possible Scenarios of Suspension:
`ManagerAccess` can be suspended to prevent unauthorized changes to account permissions.
`ManagerAccess` role, overriding any previously assigned permissions.
Key Scenarios for ManagerAccess:
`ManagerAccess` to handle day-to-day access control, ensuring that employees in different departments have the correct permissions to view or manage specific sub-accounts.
`ManagerAccess` to oversee who from each partner company has access to the shared account, without the manager having the ability to perform transactions themselves.
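
An added example, not part of the original issue or the project's code, showing how the auditor-grant workflow, suspension and logging described above could be enforced together. The status values `ACTIVE`/`SUSPENDED`, the permission names and the comma-separated `scope` format are assumptions; `weight` is left out because its semantics are not spelled out here.

```java
import java.util.*;

// Added illustration, not project code. Status values, permission names and
// the comma-separated scope format are assumptions; weight is not modelled.
public class ManagerAccessDemo {
    record ManagerAccess(long id, String scope, String status, long seniorManagerAccessId) {
        Set<String> permissions() {
            return new HashSet<>(Arrays.asList(scope.split(",")));
        }
    }
    record AuditorAccess(long id, String name, String scope, long grantedBy) {}

    static final List<String> auditLog = new ArrayList<>();

    // A manager may grant only what its own scope allows, and only while ACTIVE.
    static Optional<AuditorAccess> grantAuditor(ManagerAccess m, String name, Set<String> requested) {
        String reason = null;
        if (!"ACTIVE".equals(m.status())) reason = "manager status is " + m.status();
        else if (!m.permissions().contains("GRANT_AUDITOR")) reason = "GRANT_AUDITOR not in scope";
        else if (!requested.equals(Set.of("READ_ACCOUNT"))) reason = "auditor access must be read-only";
        // Every decision, allowed or denied, is written to the audit trail.
        auditLog.add("manager=" + m.id() + " action=grantAuditor target=" + name
                + " requested=" + new TreeSet<>(requested)
                + " result=" + (reason == null ? "ALLOW" : "DENY(" + reason + ")"));
        if (reason != null) return Optional.empty();
        return Optional.of(new AuditorAccess(1L, name, "READ_ACCOUNT", m.id()));
    }

    public static void main(String[] args) {
        // Constructed sample managers covering the cases described in the issue.
        ManagerAccess active = new ManagerAccess(10L, "GRANT_AUDITOR,GRANT_AGENT", "ACTIVE", 1L);
        ManagerAccess suspended = new ManagerAccess(11L, "GRANT_AUDITOR", "SUSPENDED", 1L);
        ManagerAccess agentOnly = new ManagerAccess(12L, "GRANT_AGENT", "ACTIVE", 1L);

        // Case 1: active manager, read-only request.
        grantAuditor(active, "ext-auditor", Set.of("READ_ACCOUNT"));
        // Case 2: request that includes transaction initiation.
        grantAuditor(active, "ext-auditor", Set.of("READ_ACCOUNT", "INITIATE_TX"));
        // Case 3: suspended manager.
        grantAuditor(suspended, "ext-auditor", Set.of("READ_ACCOUNT"));
        // Case 4: manager whose scope lacks the auditor-grant permission.
        grantAuditor(agentOnly, "ext-auditor", Set.of("READ_ACCOUNT"));
        auditLog.forEach(System.out::println);
    }
}
```

Denied attempts are logged as well as successful ones, so a review of the audit trail shows a suspended or out-of-scope manager trying to change permissions.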