In PrecisionLender, Security Profiles are how you control users' levels of access and permissions. PrecisionLender allows as many custom security profiles as you need.
In this article we will cover:
- Things To Consider When Setting Up Security Profiles
- How To Create/Edit Security Profiles
Things to Consider When Setting Up Security Profiles
- What are the different types of users that will require access to PrecisionLender?
- Different types of users may require different rights and privileges based on the nature of their role. Common user types include (but are not limited to):
- Lenders / Relationship Managers / Portfolio Managers
- Credit Analysts / Credit Administration
- Loan Assistants / Loan Operations
- Regional Managers / Line of Business Managers
- IT Security Manager
- It is common for someone in the IT Department to be responsible for managing users (enabling / disabling) and application access settings. Thus, there is often a unique security profile for this person(s).
- Chief Pricing Officer / Assumptions Manager / Administrator
- This is almost always a unique security profile.
- C-Level Management / Executive Sponsor
- Retail / Consumer Lending Manager (rate sheets only)
- Deposit Pricing Manager (rate sheets only)
- Once you have identified the different types of users for your bank, think about how each type of user will be expected to use PrecisionLender.
- For example, will this user type be talking to customers and pricing opportunities? Or will they only need to view the data entered by others?
- Are there managers over different regions that will need to manage activities for multiple lenders in their region?
- It is common for banks to be organized by line of business, geographic region or both.
- Oftentimes, there is a regional manager over each region who is responsible for loan production and profitability in their region and will need to be able to view and approve opportunities for other users in their region.
- However, if the bank does not want the regional manager viewing the activities of other regions, it is often necessary to create a unique security profile for each region manager.
- Example 1: Your bank has 3 regions: Region A, Region B and Region C. Each region has a manager that can only impact activities in their own region. If Managers A, B, and C are allowed to view (but not edit) each other's regions, one security profile will achieve that by having each manager in their specific region, and adding visible regions in the bottom of the security profile.
- Example 2: Your bank has 3 regions: Region A, Region B and Region C. Each region has a manager that can only impact activities in their own region, and they are allowed to view only select activities outside their own regions. If Managers A and B can view Regions A and B, but not Region C, then there should be two security profiles; one for Managers A and B where Regions A and B are visible, and one for Manager C that only shows Region C.
- Will lenders be able to view only their own activities or will they be permitted to view the activities of other lenders too?
- Allows lenders to compare themselves to other lenders in the bank.
- Can often foster a good dose of internal competitive peer pressure which can accrue to the benefit of the bank.
- If the bank is using different targets in different regions, it may not be desirable for lenders in one region to know the targets and/or assumptions used by other regions. This typically becomes more of a concern if lender incentive compensation is tied to loan production and/or return performance.
- Some banks choose to allow lenders to only view their own activities. Others allow lenders to view all activities in their home region. Some banks allow lenders to view all activities across all regions.
- There is no right or wrong answer as to how you do it. It is driven by what you are trying to accomplish as a bank and the needs of the lenders to best do their jobs. As with most things, there are pros and cons to giving lenders access to see the activities of other users or regions.
How to Create or Edit a Security Profile
- Go to the Administration tab on the bottom-left side of the application
- In the Security Profiles Section:
- Click "New" to create a new Security Profile;
- Click the copy icon () next to the Security Profile that you would like to duplicate; or
- Click the name of the Security Profile you would like to edit
- When finished creating or editing the profile, click “Save,” then click “Close”
General rights focus on the day-to-day use of the application.
Opportunities: An opportunity is defined as new business. This could be any type of new facility the user is trying to price. (ie. a new loan, deposit, fee based income or any combination thereof).
- View all: Allows users in this profile to view all opportunities in the regions they have access to.
- Any opportunity that a user owns, they can transfer away to anyone they can view.
- Create And Own: Allows users in this profile to create new opportunities. It also permits the user to receive a transferred Opportunity from another user.
- Any opportunity that a user owns, they can delete.
- Any opportunity that a user owns, they can transfer away to anyone they can view.
- Edit Any: Allows users in this profile to edit any opportunity they can view, including those belonging to other users.
- Any opportunity that a user can edit, they can delete.
- Any opportunity that a user can edit, they can transfer to themselves or anyone they can view.
Relationships: A relationship is defined as existing business the bank already has with a current customer. This will only come into play if the financial institution has the Relationship Awareness module.
- View all: Allows users in this profile to view all relationships in the regions they have access to.
- Create And Own: Allows users in this profile to own relationships.
- Delete Any: Allows users in this profile to delete any relationship that they have access to, regardless of whether they own it.
- Relationships with active core accounts cannot be deleted.
- Edit Any: Allows users in this profile to edit any relationship they can view, including those belonging to other users.
- Transfer: Allows users in this profile to transfer an existing relationship to another user.
- The receiving user must have "Create and Own" rights in order for the transfer to be completed.
Rate Sheets: Only affects the optional Rate Sheet module.
- View all: Allows users in this profile to view all rate sheets in the regions they have access to.
- Create And Own: Allows users in this profile to create new rate sheets. It also permits the user to receive a transferred rate sheet from another user.
- Delete Any: Allows users in this profile to delete any rate sheet that they have access to, regardless of whether they own it.
- Edit Any: Allows users in this profile to edit any rate sheet they can view, including those belonging to other users.
- Publish: Allows users in this profile to produce rate sheets to be used by other users.
- Security Profiles who will be publishing rate sheets will also need the ability to create and own rate sheets as well.
Administration rights focus on managing products, assumptions, and loan approval. Depending on your institution, you may want Standard Users to be able to make these adjustments or you may want to have another User Type, like “Management,” to only have this access.
- System Wide: Checking this box allows the user to make adjustments to all regions.
- Regional: Checking this box allows the user to make adjustments to their home region and any regions that are set to visible.
Do you want this Security Profile to be able to…?
- Approve loans: Checking this box allows those in this Security Profile to move an opportunity to the Approved status. Owners of an opportunity can use the Opportunity Stage to indicate where the opportunity is in the normal process.
- Close Loans: Checking this box allows those in this Security Profile to change the Opportunity Stage to a Closed status.
- Manage Products: Checking this box allows those in this Security Profile to create and edit products such as loans, deposits, or other fee-based incomes.
- Manage Assumptions: Checking this box allows those in this Security Profile access to the General, Rates & Indices, and Print Options areas of the Administration Section.
- Manage Users: Checking this box allows those in this Security Profile to create, manage, and edit new or existing user accounts.
- Manage Access: Checking this box allows those in this Security Profile to modify the Security Profiles of other users.
- This permission grants access to the User Access Settings which control Password and IP restrictions.
- Import Data: Checking this box allows those in this Security Profile to access PrecisionLender’s Web Query files to extract additional pipeline and usage data.
- Manage Regions: Checking this box allows those in this Security Profile to create and manage home regions for other users. Regions are used to create and manage assumptions and targets for different markets.
- Manage API Access: Checking this box will allow those in this Security Profile the ability to create and manage Service User Account Access for PrecisionLender's API.
In addition to the normal dashboard reporting, PrecisionLender also provides access to an Excel Web Query to download additional pipeline and usage data.
- Data Feed Access: Checking this box allows those in this Security Profile to access the Data Feeds.
- For more information see: The Data Feeds
- Analytics Access: Provides access to the advanced analytics section for opportunities
- For more information see: Advanced Analytics
The filter bar can become cluttered if a region contains large numbers of users. Some financial institutions have groups of users such as loan assistants or credit analysts that need access to PrecisionLender, but that do not create or 'own' loans within the bank. This setting allows those security profiles to be hidden from the filter bar and dashboard reporting.
- Hide from Filter Bar: Checking this box excludes those in this Security Profile from the filter bar.
These restrictions are only intended for users that will login only through a Customer Relationship Management (CRM) system such as Salesforce or Dynamics. Applying these restrictions to a user who is not able to log in through a CRM will block them from logging into PrecisionLender.
- Hide Dashboard: If checked, this will prevent users from being able to access the PrecisionLender dashboard.
- Disable Application Login: If checked, this will prevent users from being able to login directly to PrecisionLender, they will only be allowed in through the integrated CRM.
Your institution may want to prevent certain Security Profiles from seeing other regions in the dashboard reports. This section will list your available regions to hide or make visible to this Security Profile. Opportunities and Relationships are assigned to users, and users are assigned to regions, so if a lender doesn't have visibility to a region, that lender will see neither Opportunities nor Relationships that reside in that region.
- Users will always have rights to their home region, even if it is not specifically set to visible.