In PrecisionLender, Security Profiles are how you control users' levels of access and permissions. PrecisionLender allows as many custom security profiles as you need.
In this article we will cover:
- Things To Consider When Setting Up Security Profiles
- How To Create/Edit Security Profiles
Things to Consider When Setting Up Security Profiles
Different types of users may require different rights and privileges based on the nature of their role. Common user types include (but are not limited to):
- Lenders / Relationship Managers / Portfolio Managers
- Credit Analysts / Credit Administration
- Loan Assistants / Loan Operations
- Regional Managers / Line of Business Managers
- IT Security Manager
- It is common for someone in the IT Department to be responsible for managing users (enabling / disabling) and application access settings. Thus, there is often a unique security profile for this person(s).
- Chief Pricing Officer / Assumptions Manager / Administrator
- This is almost always a unique security profile.
- C-Level Management / Executive Sponsor
- Retail / Consumer Lending Manager (rate sheets only)
- Deposit Pricing Manager (rate sheets only)
Once you have identified the different types of users for your bank, think about how each type of user will be expected to use PrecisionLender.
- For example, will this user type be talking to customers and pricing opportunities? Or will they only need to view the data entered by others?
It is common for banks to be organized by line of business, geographic region or both.
Oftentimes, there is a regional manager over each region who is responsible for loan production and profitability in their region and will need to be able to view and approve opportunities for other users in their region.
However, if the bank does not want the regional manager viewing the activities of other regions, it is often necessary to create a unique security profile for each region manager.
- Example 1: Your bank has 3 regions: Region A, Region B and Region C. Each region has a manager that can only impact activities in their own region. If Managers A, B, and C are allowed to view (but not edit) each other's regions, one security profile will achieve that by having each manager in their specific region, and adding visible regions in the bottom of the security profile.
- Example 2: Your bank has 3 regions: Region A, Region B and Region C. Each region has a manager that can only impact activities in their own region, and they are allowed to view only select activities outside their own regions. If Managers A and B can view Regions A and B, but not Region C, then there should be two security profiles; one for Managers A and B where Regions A and B are visible, and one for Manager C that only shows Region C.
- Allows lenders to compare themselves to other lenders in the bank.
- Can often foster a good dose of internal competitive peer pressure which can accrue to the benefit of the bank.
- If the bank is using different targets in different regions, it may not be desirable for lenders in one region to know the targets and/or assumptions used by other regions. This typically becomes more of a concern if lender incentive compensation is tied to loan production and/or return performance.
Some banks choose to allow lenders to only view their own activities. Others allow lenders to view all activities in their home region. Some banks allow lenders to view all activities across all regions.
There is no right or wrong answer as to how you do it. It is driven by what you are trying to accomplish as a bank and the needs of the lenders to best do their jobs. As with most things, there are pros and cons to giving lenders access to see the activities of other users or regions.
How to Create or Edit a Security Profile
Go to the Administration tab on the bottom-left side of the application
In the Security Profiles Section you can:
- Click "New" to create a new Security Profile;
- Click the copy icon () next to the Security Profile that you would like to duplicate; or
- Click the name of the Security Profile you would like to edit
When finished creating or editing the profile, click “Save,” then click “Close”
General rights focus on the day-to-day use of the application.
Opportunities: An opportunity is defined as new business. This could be any type of new facility the user is trying to price. (ie. a new loan, deposit, fee based income or any combination thereof).
Allows users in this profile to view all opportunities in the regions they have access to, including Deal Team Opportunities they are or are not part of.
Allows users in this profile to create new opportunities. It also permits the user to receive a transferred Opportunity from another user.
- Any opportunity that a user owns, they can delete.
- Any opportunity that a user owns, they can transfer away to anyone they can view.
Allows users in this profile to edit any opportunity they can view, including those belonging to other users.
- Any opportunity that a user can edit, they can delete.
- Any opportunity that a user can edit, they can transfer to themselves or anyone they can view.
- Any Deal Team opportunity they are or are not a part of.
(For clients with Deal Teams enabled) Restricts users in this profile to view the Deal Team Opportunities they are members of and any Opportunities they own. Checking this box will automatically uncheck the box for the Opportunity "View All" right.
(For clients with Deal Teams enabled) Restricts users in this profile to edit the Deal Team opportunities they are part of and any Opportunities they own. Users with this right can transfer ownership of the opportunity to themselves or anyone on the deal team. Checking this box will automatically disable the "Edit Any" rights for opportunities.
(For clients with Alternate Pricing Regions enabled) Allows users to price their opportunity in any of their visible regions.
(For clients with the Rate Sheets Connector only) Allows users to price a rate sheet exception.
Relationships: A relationship is defined as existing business the bank already has with a current customer. This will only come into play if the financial institution has the Relationship Awareness module.
Allows users in this profile to view all relationships in the regions they have access to.
Allows users in this profile to own relationships.
Allows users in this profile to delete any relationship that they have access to, regardless of whether they own it. Relationships with active core accounts cannot be deleted.
Allows users in this profile to edit any relationship they can view, including those belonging to other users. This includes the ability to merge two relationships in PrecisionLender that the user does not own.
Allows users in this profile to transfer an existing relationship to another user, and to split relationships that have been manually merged.
The user receiving a transferred relationship must have "Create and Own" rights in order for the transfer to be completed.
Allows users in this profile to view the Delivery to Promise dashboard.
Rate Sheets: Only affects the optional Rate Sheet module.
Allows users in this profile to view all rate sheets in the regions they have access to.
Allows users in this profile ;to create new rate sheets. It also permits the user to receive a transferred rate sheet from another user.
Allows users in this profile to delete any rate sheet that they have access to, regardless of whether they own it.
Allows users in this profile to edit any rate sheet they can view, including those belonging to other users.
Allows users in this profile to produce rate sheets to be used by other users.
Security Profiles who will be publishing rate sheets will also need the ability to create and own rate sheets as well.
Administration rights focus on managing products, assumptions, and loan approval. Depending on your institution, you may want Standard Users to be able to make these adjustments or you may want to have another User Type, like “Management,” to only have this access.
- System Wide: Checking boxes on this row allows the user to make adjustments to all regions.
- Regional: Checking boxes on this row allows the user to make adjustments to their home region and any regions that are set to visible.
Do you want this Security Profile to be able to…?
Checking this box allows those in this Security Profile to move an opportunity to the 'Awaiting Close' status. Owners of an opportunity can use the Opportunity Stage to indicate where the opportunity is in the normal process.
Checking this box allows those in this Security Profile to change the Opportunity Stage to a 'Closed Won' status.
Checking this box allows those in this Security Profile to create and edit products such as loans, deposits, or other fee-based incomes.
Checking this box allows those in this Security Profile access to the General, Rates & Indices, Print Options, and Universal Assumptions areas of the Administration Section.
Checking this box allows those in this Security Profile to create, manage, and edit new or existing user accounts.
Checking this box allows those in this Security Profile to modify the Security Profiles of other users. This permission grants access to the User Access Settings which control Password and IP restrictions.
Checking this box allows those in this Security Profile to access PrecisionLender’s Web Query files to extract additional pipeline and usage data.
Checking this box allows those in this Security Profile to create and manage home regions for other users. Regions are used to create and manage assumptions and targets for different markets.
Checking this box will allow those in this Security Profile the ability to create and manage Service User Account Access for PrecisionLender's API.
In addition to the normal dashboard reporting, PrecisionLender also provides access to an Excel Web Query to download additional pipeline and usage data.
- Data Feed Access: Checking this box allows those in this Security Profile to access the Data Feeds. For more information see: The Data Feeds
The filter bar can become cluttered if a region contains large numbers of users. Some financial institutions have groups of users such as loan assistants or credit analysts that need access to PrecisionLender, but that do not create or 'own' loans within the bank. This setting allows those security profiles to be hidden from the filter bar and dashboard reporting.
Checking this box excludes those in this Security Profile from the filter bar.
If checked, when users log into PrecisionLender, their opportunity dashboard will show the data for their home region's level.
These restrictions are only intended for users that will login only through a Customer Relationship Management (CRM) system such as Salesforce or Dynamics. Applying these restrictions to a user who is not able to log in through a CRM will block them from logging into PrecisionLender.
If checked, this will prevent CRM users from leaving the opportunity that they are pricing to access the PrecisionLender dashboard.
- They will only be allowed in through the integrated CRM.
- If they have the ability to view the dashboard after closing the opportunity, then they:
- will not have access to the New Opportunity menu bar
- will not be able to see the Administration tab on the homepage
- will not be able to select the Copy button on the opportunity grid
- will not be able to Create New or Add/Remove an opportunity from the Relationship Pricing tab
The L3 Library Access permissions determine a users ability to view and manage L3 reports.
Allows users in this profile to view L3 reports at the Region level.
Allows users in this profile to view L3 reports at the bank level.
Allows users in this profile the ability to enable and/or disable L3 reports and folders.
Your institution may want to prevent certain Security Profiles from seeing other regions in the dashboard reports. This section will list your available regions to hide or make visible to this Security Profile. Opportunities and Relationships are assigned to users, and users are assigned to regions, so if a lender doesn't have visibility to a region, that lender will see neither Opportunities nor Relationships that reside in that region.
Users will always have rights to their home region, even if it is not specifically set to visible.