Best Practice: Restricting Employee Accounts from Everyday Users

Cindy Fisher | April 3, 2019

It is not uncommon for institutions to allow employees to take out personal loans or open deposit accounts. Or perhaps you hire a new employee who secured a loan or deposit account before they were employed with you. If this is a familiar situation at your institution, you may want to restrict who can view and handle accounts opened by fellow employees. These steps are intended for supervisors or managers with high-level security clearance.

Accounts are designated as “employee accounts” as follows:

  • On the Households screen, either one or both of the Is Employee or Is Officer boxes must be checked, as shown below. Checking at least one of these boxes ensures the employee or officer account will not be found when users search for accounts on the Customer Search screen (the first screen you see after logging in to CIM GOLD). When employee loans or deposit accounts are boarded into CIM GOLD, these fields are usually already checked. But if you have proper security, you can manually make changes to these fields. This may be the case if a person opened a loan with your institution, but later became an employee. You’ll want to ensure one of those fields is checked after the person becomes an employee.

Customer Relationship Management > Households Screen > Names Tab > Detailed Personal Information Tab

  • For loan accounts, either Hold Code 69 (officer account) or 70 (employee account) designates the account as an employee account. Again, this Hold Code is usually boarded from the loan application when the loan is opened but can be designated later if you have the proper security.
  • The Hold Code fields are found on many screens in CIM GOLD, such as the Account Detail screen, Marketing and Collections screen, and Actions/Holds/Event Letters screen. See the example of these fields below:

Loans > Account Information > Account Detail Screen

  • For deposit accounts, designate employee accounts by checking either the Employee Account? or Officer Director? checkboxes on the Deposits > Account Information > Account Information screen > Features/Options tab, as shown below:

Deposits > Account Information > Account Information Screen

Once the account is designated as an employee or officer account, a user who is restricted from seeing those types of accounts will receive the following message at the top of the screen if they attempt to access those accounts:


Setting Up Security Restrictions to Employee/Officer Accounts

GOLDPoint Systems’ security is robust enough to lock out users from gaining access to any screen and almost any field. Security can be based on an individual's settings or on a profile; when it is based on a profile, every employee connected to that profile is restricted from that activity.

If you are the person responsible for setting up employees with security at your institution, the following steps explain how to restrict users from viewing employee accounts.

  1. After logging on to CIM GOLD, access the Security > Setup screen.
  2. Now you have two options: select the individual employee or select a System Profile for which you want to restrict employee account access.

a. To select an individual employee, select the Employees radio button, then select the employee from the list (as shown below).


b. To select a System Profile, select the System Profiles radio button, then select the profile from the list.


  3. Make sure to uncheck the Display Effective Security box.

 

For this next set of steps, you need to set the actual security bits.

  1. With the employee or profile selected, access the System tab.
  2. Expand the PC Applications node.
  3. Scroll to CIM Can View Employee Accts (bit 27) and select the None radio button. Note: You may see other employee security options, but those are used in legacy software and have no effect on CIM GOLD. Bit 27 is the only option that works in CIM GOLD.
  4. Click <Save Changes>. That employee or profile is now restricted from viewing or changing employee/officer accounts.

Repeat these steps for as many employees or profiles as needed. Security changes do not take effect until users close CIM GOLD and log into it again.

Security > Setup Screen > System Tab

 

Note: Some users may be tied to a profile, or even two profiles, as well as have their own personal security settings. The system allows the highest security options available to that employee based on their profile or user security settings. The security setting rankings are:

Highest - Maintain

Middle - Inquire

Lowest - None

For example, employee Sally is tied to two profiles, Teller and Loans, as well as her own security settings.

The Teller Profile restricts Sally from viewing employee accounts.

The Loans Profile allows Sally to view and make changes to employee accounts.

Sally's personal security also restricts her from viewing employee accounts.

In this example, Sally would be able to view and make changes to employee accounts based on her connection to the Loans Profile, even though the Teller Profile and her own security settings restrict her from viewing employee accounts.
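
The Sally example above, worked through as an added sketch (not GOLDPoint code): it resolves the effective setting for bit 27 as the highest of a user's personal and profile settings, and lists users whose restriction is overridden by a more permissive source. The data layout, the user "Tom", and all function names are assumptions for illustration; CIM GOLD's own storage or export format is not described on this page.

```python
from enum import IntEnum

class Access(IntEnum):
    """Ranking from the note above: None < Inquire < Maintain."""
    NONE = 0
    INQUIRE = 1
    MAINTAIN = 2

# Constructed sample data for "CIM Can View Employee Accts" (bit 27).
PROFILES = {"Teller": Access.NONE, "Loans": Access.MAINTAIN}
USERS = {
    "Sally": {"personal": Access.NONE, "profiles": ["Teller", "Loans"]},
    "Tom": {"personal": Access.NONE, "profiles": ["Teller"]},  # hypothetical user
}

def effective_access(user, users=USERS, profiles=PROFILES):
    """Return (effective level, sorted list of sources that grant it)."""
    entry = users[user]
    sources = {"personal": entry["personal"]}
    for name in entry["profiles"]:
        if name not in profiles:
            raise ValueError(f"{user} references unknown profile {name!r}")
        sources["profile:" + name] = profiles[name]
    level = max(sources.values())  # the highest setting wins
    granted_by = sorted(s for s, v in sources.items() if v == level)
    return level, granted_by

def overridden_restrictions(users=USERS, profiles=PROFILES):
    """Users with at least one source set to None whose effective access is higher."""
    findings = {}
    for user, entry in users.items():
        level, granted_by = effective_access(user, users, profiles)
        settings = [entry["personal"]] + [profiles[p] for p in entry["profiles"]]
        if level > Access.NONE and Access.NONE in settings:
            findings[user] = (level.name, granted_by)
    return findings

if __name__ == "__main__":
    for user, (level, sources) in overridden_restrictions().items():
        print(f"{user}: effective {level} via {', '.join(sources)}")
```

Running a check like this after changing a profile shows which users still reach employee accounts through another profile.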

Tags: training, best practices, security
