Skip to content

User Permissions, Roles, and Authorization

Chinese source: 柜员权限、岗位与授权
Locale: en-US
Audience: Internal learning

Key Terms

ChineseEnglishUsage Note
柜员Operations User / TellerUse teller only when branch context matters.
岗位Role / PositionPermission grouping assigned to users.
操作权限Operating PermissionPermission to initiate or run a transaction.
授权权限Authorization PermissionPermission to approve or authorize another user's transaction.
岗位制衡Segregation of DutiesSeparation of maker/checker or operator/authorizer roles.

Concept

Whether a user can process a transaction is usually determined by multiple dimensions:

  • The user exists and is active.
  • The user is signed on and allowed to transact.
  • The user's institution is allowed to process the transaction.
  • The user's role has the operating permission.
  • The transaction may require authorization.
  • The authorizing user must have the required authorization permission.

Operating Permission vs. Authorization Permission

Permission TypeMeaningTypical Question
Operating permissionCan the user initiate or execute the transaction?Can this user process this transaction?
Authorization permissionCan the user approve or authorize another user's transaction?Can this user authorize this transaction?

These are not the same. A user may be able to perform inquiries or maintenance but not authorize high-value transactions. A supervisor may have authorization responsibilities but should not directly perform every operation.

Why Separation Matters

Core banking relies on segregation of duties to reduce the risk of self-approval, abuse of high privileges, missing review for high-risk transactions, and unclear accountability.

Good permission design follows:

  • Least privilege.
  • Separation of maker, checker, and authorizer.
  • Tiered authorization by amount and risk.
  • Auditability for operations, approvals, and changes.

Troubleshooting Path

When a user cannot process a transaction:

  1. Check [9302] User Information Inquiry.
  2. Check [9311] Role Permission Information Inquiry.
  3. Check whether the institution can process the transaction.
  4. Check transaction rules, amount rules, and account restrictions.
  5. If authorization is needed, check authorizer permissions.
  6. Review user events and transaction records.

Risk Controls

  • Authorization permission should be stricter than operating permission.
  • High-risk transactions should not allow the same user to initiate and authorize.
  • Permission exports expose system security structure and should be controlled.
  • Role changes, departures, and dormant users require timely cleanup.