User management in timveroOS provides comprehensive control over system access through role-based permissions and departmental organization. This module ensures secure access while maintaining operational efficiency through structured permission hierarchies and audit capabilities.
Role-Based Access Control (RBAC)
Role management interface for configuring user permissions The system implements role-based access control through a hierarchical structure:
Organization Level: Top-level system access
Department Level: Functional area restrictions
Role Level: Specific permission sets
User Level: Individual access assignments
Department Configuration
Departments serve as both organizational units and workflow boundaries within timveroOS.
Setting Up Departments
Navigate to Settings → Catalogs → Decision Departments to configure:
Department Code: Unique system identifier
Description: Clear functional description
Active Status: Enable/disable departments
User and Department Management
Department Assignment
Departments are assigned at the user level, not the role level. Each user is associated with a specific department that defines their organizational context.
Configuring User Departments
Accessing User Management:
Navigate to Admin Panel → Users
Select the user profile to configure
Assigning Department:
Click on the Assign Department action on the User
Select the appropriate department from the dropdown menu
Role-Department Interaction:
Roles define permissions and capabilities
Departments define organizational scope
Role permissions apply within the user's assigned department context
Users can only be assigned to one department at a time
Users can only be assigned to one role at a time
Example Configuration
A user with the "Credit Analyst" role assigned to the "Retail Lending" department will have credit analyst permissions scoped to retail lending operations only.
Department-Workflow Integration
Department-based user assignment and workflow routing 1 Department-based user assignment and workflow routing 2 Departments determine:
Warning assignment routing
Role Configuration
Important: Roles must be configured before users can be assigned to them. Complete role setup before creating user accounts.
Accessing Role Configuration
Navigate to Settings → Roles to create and configure roles.
Define role identity:
Description: Role purpose and scope
Start page: Default landing page after login (dropdown selection from available pages: BI, Launchpad, Applications, Loans, or custom directories)
BI Dashboard: Assign dashboard from catalog (dropdown automatically fetches all active dashboards from the BI Dashboards catalog)
Configure permissions: Use Permission Matrix to assign access across modules:
General Access: View, Create permissions per module
Additional Actions: Specific actions (Edit, Approve, Decline, etc.)
Tabs: Access to specific data tabs within entities
Available Modules in Permission Matrix (example list - actual modules depend on SDK implementation):
Catalogs, Applications, Clients, Collateral, Covenant, Loans, Marketing campaign, Notifications, Offer engine, Participant, Transaction, Users, Vendor
The exact list of modules and available actions depends on the custom actions, views, and features implemented in your specific assembly. Each module has specific permissions that can be granted based on role requirements.
Decision Permissions
Roles can be granted authority to make various types of decisions within the lending workflow. These permissions determine which actions users with this role can take on applications and deals.
Available Decision Actions
Approve
Grant permission to approve applications
Users can move applications forward in the workflow
Typically assigned to underwriters, credit analysts, and managers
Decline
Grant permission to decline applications
Users can reject applications with documented reasons
Requires decline reason code selection
Typically assigned to underwriters, credit analysts, and managers
Review
Assign for review without final decision authority
Users can analyze and comment on applications
Cannot approve or decline without escalation
Typically assigned to junior analysts and support staff
Configuring Decision Permissions
Accessing Role Configuration:
Navigate to Admin Panel → Roles
Create new role or edit existing role
Locate Decision Permissions section
Setting Permissions:
Enable desired decision actions by checking the corresponding boxes:
Decision Workflow Example
Senior Credit Analyst Role:
Junior Credit Analyst Role:
Example Role Templates
Common role configurations include:
Loan Officer
Submit and manage applications
Underwriter
Review flagged applications
Override specific factors
Approve/decline with conditions
Access risk assessment tools
Manager
Override subordinate decisions
Approve policy exceptions
Administrator
Configure system parameters
User Lifecycle Management
User Creation Process
Prerequisite: Roles must be configured before creating users. Navigate to Settings → Roles to verify roles exist.
Account Setup
Navigate to Settings → Users
Create new user with required information
Assign role(s): Select from previously configured roles
Assign to department - separate action after the User is created
Configure additional user settings
Access Configuration
Configure notifications subscriptions
Activation
Complete initial training
Access Management
Regular Maintenance:
Validate permission appropriateness
Update for organizational changes
User Deactivation:
Note: When a user is deactivated, their assigned work items (warnings, applications in review) do not return to the shared pool of items for other users in their department.
Security Controls:
Multi-factor authentication (MFA) available
Password policy enforcement
Session timeout configuration
Single Sign-On (SSO) support via SDK configuration
LDAP integration supported (users must be created in system first, then mapped by login)
Integration with Operations
Launchpad Integration
User permissions directly control Launchpad functionality:
Department-based work distribution in Launchpad Permission-Based Features:
Department work queue visibility
Self-assignment capabilities
Supervisor assignment rights
Cross-department coordination
Warning Management Workflow
The system tracks assignment and resolution status:
Warning assignment tracking with approval indicators Approval Process:
Structured approval with form completion (Step 1) Structured approval with form completion (Step 2) Decline Process:
Systematic decline process with reason tracking (Step 1) Systematic decline process with reason tracking (Step 2) Application Status Management:
Complete application status visibility via filters Audit and Compliance
Activity Tracking
The system maintains comprehensive audit trails:
Configuration modifications
Compliance Features
Role-based access documentation
Permission change history
Access recertification support
Segregation of duties enforcement
Configuration Guidelines
Define organizational structure
Create departments matching operations
Configure base permissions
Ongoing Management
Document role definitions
Maintain permission matrices
Update for organizational changes
Archive inactive accounts
Technical Considerations
User queries optimized for speed
Permission caching implemented
Department filtering reduces load
Role inheritance minimizes complexity
Security Architecture
Encrypted credential storage
Session management controls
Permission boundary enforcement
Integration Points
System Components
User management integrates with:
Workflow Engine: Permission-based access
Document Management: Access control
Reporting System: Data visibility
Notification System: Alert distribution
External Systems
HR system integration capabilities
Single sign-on (SSO) support
Directory service connectivity
Authentication provider options
Implementation Resources
Admin Panel Configuration
User Profile Configuration - Managing user accounts and department assignments (this page)
Role Management - Defining role permissions (this page)
SDK Configuration
The following capabilities require SDK team involvement:
User Management API integration
Permission structure customization
SSO and directory service integration
Custom authentication providers
With user management configured, proceed to:
For additional user management guidance, consult your system administrator or implementation team.
