cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
BookmarkSubscribeRSS Feed
🔒 This topic is solved and locked. Need further help from the community? Please sign in and ask a new question.
Mohammed_sadeh
Fluorite | Level 6 Mohammed_sadeh
Fluorite | Level 6
Go to Solution

Routing problem in SAS Compliance Solution 7.4

Posted 05-08-2019 07:24 AM (2221 views)

I am using SAS Compliance Solution 7.4 (Anti money laundering)

and I need to restrict routing for employee in branch (Queue) to rout for specific branch (Queue).

For Example Employee works on branch 15 he can rout to main branch only, and the employees in the main branch rout to all other branch.

Is this scenario applicable in SAS Compliance Solution 7.4?

If not applicable I need a workaround for this scenario if possible.

 

Please Advise.

0 Likes
1 ACCEPTED SOLUTION

Accepted Solutions
SASPM
SAS Employee SASPM
SAS Employee

Re: Routing problem in SAS Compliance Solution 7.4

Posted 05-17-2019 08:56 PM (2088 views)  |   In reply to Mohammed_sadeh

Hi,

  • Users have access to a queue and to the items in the queue only with membership (direct or inherited) of the role that is configured for the queue access.
  • Roles are used by the investigation UI to filter items that a particular user may access. In addition, REST services are also performing additional validation for alerts to ensure only authorized users can access a particular item.

Preferences

    1.enforceQueuesForAlerts – Specifies whether to perform queue access checks for the alert details GET method

  • When the box is unchecked, only the REST service validation is disabled. The UI will not allow a user without access to access an alert. However, such validation can be bypassed by opening the alert from the Search results or by typing the alert URL directly in the browser.
  1. hideAlertsFromUnauthorizedQueues – Specifies whether to exclude from all alert lists the alerts from the queues that the user does not have access rights.
  • If the box is unchecked, all pages that display the list of alerts contain all alerts for the entity (case, customer, bank, and so on). If the user does not have access to the alert’s queue (if assigned), then the user is not able to triage the alert or open it.
  • If the box is checked, then alerts that the user does not have access to are not displayed in the UI, with a couple of exceptions. The Case details page always displays all alerts but access may be blocked based on the alert’s queue. Search results also display all alerts but the user is not able to open the alerts to which the user does not have access. The total alert count displayed on the entity triage list might not match the alert count on the entity details page.
  1. fcf.svr.aml.useRoutingToQueues – Specifies whether to use alerted entities routing to queues or Round Robin routing to users.
  2. routeToAllQueues –Specifies whether a user may route to any queue or only queues where they have access rights.

I believe for your use case, branch 15 user should be set up with a role that does not have access to items in main branch queue and preferences 1, 2, and 4 need to be turned on so that branch 15 user can route to the main branch (or any other queue) but not see entities in any non-authorized queues.  This will allow the user to route but not see entity information in the queues for which they do not have access.  However, this set up does not appear to exactly meet the use case in your first post where you said you wanted branch 15 user to only be able to route to main branch.  In order for branch 15 user to only be able to route to one of the queues, the user must have access rights to the queue and preference 4 would be unchecked.  Hope this helps.

View solution in original post

7 REPLIES 7
SASPM
SAS Employee SASPM
SAS Employee

Re: Routing problem in SAS Compliance Solution 7.4

Posted 05-09-2019 01:08 PM (2189 views)  |   In reply to Mohammed_sadeh

You can use the routeToAllQueues preference in the admin consol to determine if users are allowed to route to any queue or only queues where they have access rights. This means that the branch15 employee would need access to the main branch queue and the main branch employees would be set up with access to all queues.  

 

 

 

Mohammed_sadeh
Fluorite | Level 6 Mohammed_sadeh
Fluorite | Level 6

Re: Routing problem in SAS Compliance Solution 7.4

Posted 05-09-2019 03:29 PM (2173 views)  |   In reply to SASPM
thanks alot
0 Likes
Mohammed_sadeh
Fluorite | Level 6 Mohammed_sadeh
Fluorite | Level 6

Re: Routing problem in SAS Compliance Solution 7.4

Posted 05-16-2019 07:13 PM (2106 views)  |   In reply to SASPM
Dear SASPM,
in this case the Employee in branch 15 must has main branch queue(access right) in this case the employee can see all entity in the main branch,
Is there any solution to avoid this case?
0 Likes
SASPM
SAS Employee SASPM
SAS Employee

Re: Routing problem in SAS Compliance Solution 7.4

Posted 05-17-2019 08:56 PM (2089 views)  |   In reply to Mohammed_sadeh

Hi,

  • Users have access to a queue and to the items in the queue only with membership (direct or inherited) of the role that is configured for the queue access.
  • Roles are used by the investigation UI to filter items that a particular user may access. In addition, REST services are also performing additional validation for alerts to ensure only authorized users can access a particular item.

Preferences

    1.enforceQueuesForAlerts – Specifies whether to perform queue access checks for the alert details GET method

  • When the box is unchecked, only the REST service validation is disabled. The UI will not allow a user without access to access an alert. However, such validation can be bypassed by opening the alert from the Search results or by typing the alert URL directly in the browser.
  1. hideAlertsFromUnauthorizedQueues – Specifies whether to exclude from all alert lists the alerts from the queues that the user does not have access rights.
  • If the box is unchecked, all pages that display the list of alerts contain all alerts for the entity (case, customer, bank, and so on). If the user does not have access to the alert’s queue (if assigned), then the user is not able to triage the alert or open it.
  • If the box is checked, then alerts that the user does not have access to are not displayed in the UI, with a couple of exceptions. The Case details page always displays all alerts but access may be blocked based on the alert’s queue. Search results also display all alerts but the user is not able to open the alerts to which the user does not have access. The total alert count displayed on the entity triage list might not match the alert count on the entity details page.
  1. fcf.svr.aml.useRoutingToQueues – Specifies whether to use alerted entities routing to queues or Round Robin routing to users.
  2. routeToAllQueues –Specifies whether a user may route to any queue or only queues where they have access rights.

I believe for your use case, branch 15 user should be set up with a role that does not have access to items in main branch queue and preferences 1, 2, and 4 need to be turned on so that branch 15 user can route to the main branch (or any other queue) but not see entities in any non-authorized queues.  This will allow the user to route but not see entity information in the queues for which they do not have access.  However, this set up does not appear to exactly meet the use case in your first post where you said you wanted branch 15 user to only be able to route to main branch.  In order for branch 15 user to only be able to route to one of the queues, the user must have access rights to the queue and preference 4 would be unchecked.  Hope this helps.

Jack_Fizzon
Calcite | Level 5 Jack_Fizzon
Calcite | Level 5

Re: Routing problem in SAS Compliance Solution 7.4

Posted 10-01-2021 08:43 AM (1049 views)  |   In reply to SASPM

Could you tell me if there is a way to create queues by country. for example users from France see their own alerts, then users from Spain with their alerts too but those from Belgium see all countries ? 

0 Likes
Maarten_at_SAS
SAS Employee Maarten_at_SAS
SAS Employee

Re: Routing problem in SAS Compliance Solution 7.4

Posted 10-05-2021 08:04 AM (1013 views)  |   In reply to Jack_Fizzon

Yes you can. In his response, Matt Needles referred to the way we can permit/restrict access to alerts. You can make use of the fsk_advanced_alert table to make sure country code or name is included in the alert details, and then you can use these to route the alert on custom queues based on their country. In SAS Management Console, the user admin plug-in, you can define roles and groups that can be used by the custom queues. SAS AML consultants will be able to help you configuring the solution as per your needs. (Off topic: assuming Compliance Solution 7.4 is a typo error. The only version available in the 7 generation is SAS Compliance Solutions 7.1, which encompasses SASAML 7.1 and SAS CDD 7.1.

0 Likes
Mohammed_sadeh
Fluorite | Level 6 Mohammed_sadeh
Fluorite | Level 6

Re: Routing problem in SAS Compliance Solution 7.4

Posted 05-18-2019 04:28 AM (2073 views)  |   In reply to Mohammed_sadeh
thank you SASPM this was helpful for me
0 Likes
SAS' 10th Year as a Category Leader

Chartis names SAS a leader in both Model Risk Governance and Model Validation

Read the Report

Discussion stats
  • 7 replies
  • ‎05-08-2019 07:24 AM
  • 2222 views
  • 3 likes
  • 4 in conversation