Understanding Data Center Employee Security
The CU*BASE Employee Security feature is designed to control credit union employee access to CU*BASE features. Although the system is flexible enough to accommodate a variety of job functions and employee needs, it is designed to be comprehensive enough to protect your valuable data from being accessed inappropriately.
The employee security options described here are in addition to the User ID security and password which allows an employee to log in to the CU*BASE system. The security described here controls each employee's access to individual CU*BASE tools via their Employee ID.
The type of security required and the method for controlling security is determined by the “access point” for the specific tool. There are two basic categories: Tool Access and Special Member Access.
These tools are accessed directly from the CU*BASE Home Page. If a user does not have access to the tool, he or she will be able to see the tool on the Home Page, but will not be able to access it.
First, an employee profile is created to assign an employee ID and password, as well as to control access to teller posting and assign a vault number. At this point, however, no actual tools can be accessed.
Next, access must be granted to the specific tools which the employee needs to complete his or her job. Once access is granted to tool, the employee has access to it. (A good rule of thumb is to have the employee log off CU*BASE and log back in for their Home Page to reflect the change.)
Shortcuts provide quick access to many of the most commonly-used CU*BASE features. From the Home Page, a user can enter a shortcut and quickly move to the desired feature. When a tool access is granted, if the tool has a shortcut assigned to it, the employee also is granted access to the shortcut.
In addition, there are some features which can be accessed while working within another CU*BASE feature. For example, a user can proceed to the “Open Memberships/Accounts” feature while working in teller posting. For these situations, special security must be assigned.
This includes security to handle “special” memberships—those which belong to employees, Board members, relatives, etc.
The overall security configuration for each credit union employee is generally determined by the employee's job function. The employee is granted the access he or she needs to complete all required tasks. However, it is important not to overlook that employee’s access to his or her own account, as well as to consider the requirements of other “special” memberships, such as other employees, Board members, relatives, etc.
CU*BASE accomplishes this by allowing a special identifying code to be assigned to these special memberships. These codes, called Insider/Employee Type Codes, are added to each individual membership record to “flag” the account as belonging to a special group. Each of the type codes is assigned a specific set of security restrictions relating to inquiry, file maintenance, and posting.
In addition, adjustments or overrides can be made for specific employees to control access to specific accounts. For example, an employee could be allowed inquiry access to his own account and be restricted from posting, while all other employees would be restricted from inquiry on that account but allowed to post a transaction for the employee.
For internal auditors and supervisors, you can also choose to grant full access to all accounts, even those marked with Insider/Employee Type codes, by using an “All member accounts” option in employee security. This saves time by not requiring you to make adjustments to each individual account, one at a time. (If necessary, you can still make an exception for that employee's own account.) Click here for more information.
SEE ALSO: Insider/Employee Type Codes Step by Step
In order for CU*Answers to assist its clients with day-to-day support issues and perform various daily and monthly processing tasks on their behalf, it is necessary for CU*Answers employees to have access to tools and credit union files similar to credit union employees.
CU*BASE gives each credit union complete control over what data center staff is allowed to do on their files, without adding additional maintenance chores for the CU or for CU*Answers, and without using up more credit union employee ID numbers. This is accomplished by the use of a central, single file that stores IDs for CU*Answers employees, and the use of “alias” IDs on credit union Employee Security master files (such as 89, but can be any reserved ID 89 through 99).
The alias ID controls what tools can be accessed by any CU*Answers employee that is tied to that alias. So if Employee 89 can do something, any CU*Answers employee ID that uses 89 as an alias can do it, too. If 89 is restricted, so are the corresponding CU*Answers employees. So all the CU security officer is responsible for is controlling the credit union's settings for 89.
For complete information about Data Center Staff IDs and the security policies in place for CU*BASE client support representatives, refer to the Data Center Employee Security booklet.