Bank Department Showcase

We have a following preconditions:

4 members and 4 Portfolios:

- Finmars Admin Member
- Head of Private Banking Member
- Asset Manager Group A
- Asset Manager Group B



So, in the end Idea is that Head of Private Banking all 4 portfolios
Asset Manager Group A see only portfolios in Resource Group A
Asset Manager Group B see only portfolios in Resource Group B


Preconditions

Create Resource Groups

Go to Resource Group Page

Screenshot 2024-10-31 at 12.23.24.png

Press add new Resource Group

Screenshot 2024-10-31 at 12.24.12.png

In same manner add resource_group_b, or any other resource groups

At that point, that it, now you able to use it in Input Forms

Assign Portfolio to Resource Group

Go to Portfolios

Screenshot 2024-10-31 at 12.25.44.png

Open any Portfolio

Screenshot 2024-10-31 at 12.26.09.png

You should be able to see Resource Group Input (multiselect dropdown)
If you do not see it, go to Form Constructor and manually add this input to Form

Screenshot 2024-10-31 at 12.27.00.png
Select Resource Group - Portfolio Group A

And thats it!

Screenshot 2024-10-31 at 12.28.46.png

Not if you will return back to your Resource Group, you will see that that Portfolio is linked to this Resource Group

Create Resource Group Access Policy

Now is most interesting part

Go to Access Policies Page

Screenshot 2024-10-31 at 12.31.17.png

Now add new Access Policy

Screenshot 2024-10-31 at 12.33.04.png


So, here we must assign access to all actions to Portfolio Entity (if you do it for other entities, replace Portfolio with other Model Name)

Here is full JSON of that policy

{
  "Version": "2023-01-01",
  "Statement": [
    {
      "Action": [
        "finmars:Portfolio:create",
        "finmars:Portfolio:update",
        "finmars:Portfolio:destroy",
        "finmars:Portfolio:bulk_delete",
        "finmars:Portfolio:bulk_restore",
        "finmars:Portfolio:delete_preview",
        "finmars:Portfolio:list_ev_group",
        "finmars:Portfolio:list_ev_item",
        "finmars:Portfolio:list"
      ],
      "Effect": "Allow",
      "Resource": [
        "frn:finmars:iam:resourcegroup:portfolio_group_a"
      ],
      "Principal": "*"
    }
  ]
}

So, please NOTE BENE


"Resource": [
  "frn:finmars:iam:resourcegroup:portfolio_group_a"
],


Here ins Resource property

We must add FRN of our Resource Group, so - frn:finmars:iam:resourcegroup:portfolio_group_a

Thats it!

Now lets go to Member Page

Screenshot 2024-10-31 at 12.36.58.png

Go to Member Page

Screenshot 2024-10-31 at 12.37.25.png

Go to Attached Access Policies 

And attach our new Access Policy


Screenshot 2024-10-31 at 12.37.58.png

Save Member and thats it!

Now its all done, IAM will gave access to that portfolio that Member

Verify Access for that User

Log in under user who has access only to Resource Group A

 

Screenshot 2024-11-01 at 11.47.27.png

So, we just able to see that Potfolios that were assigned to Resource Group A

Lets remove Portfolio From Resource Group A


Screenshot 2024-11-01 at 11.48.26.png

And then remove ch-bnd-20394857

Screenshot 2024-11-01 at 11.49.40.png

Save and lets get back to our user and see his report

Screenshot 2024-11-01 at 11.50.03.png

So, user just able to see that Portfolios that linked to Resource Group A (which linked to his Member)

In same manner you able to configure Permissions for any number of Members and Resource Groups and Models