Professional Documents
Culture Documents
Administration Guide
This guide describes how to perform Alliance Lite2 administration tasks. These tasks include user management and
reference data management. This guide is for security officers and the personnel who have been assigned the role of
Alliance Lite2 administrator.
20 July 2017
Alliance Lite2
Administration Guide Table of Contents
Table of Contents
Preface............................................................................................................................................................... 4
2 Get Started............................................................................................................................................. 14
2.1 DNS Installation and Configuration........................................................................................................17
2.2 Firewall Settings.................................................................................................................................... 19
2.3 Install Java............................................................................................................................................. 21
2.4 Configure Java Settings.........................................................................................................................21
2.5 Configure Internet Explorer Settings..................................................................................................... 22
2.6 Install Driver for Personal Tokens.......................................................................................................... 22
2.7 Remove the Token Software..................................................................................................................29
2.8 Activate Tokens for Customer Security Officers.....................................................................................30
2.9 Create a Distinguished Name................................................................................................................32
2.10 Authorise the DN and Approve the Operator and Issue the Activation Code........................................ 36
3 User Management..................................................................................................................................38
3.1 Operators...............................................................................................................................................38
3.2 Operator Profiles................................................................................................................................... 50
3.3 RBAC Roles for Browse Services..........................................................................................................55
20 July 2017 2
Alliance Lite2
Administration Guide Table of Contents
5.2 AutoClient.............................................................................................................................................. 81
5.3 BIC_View............................................................................................................................................... 82
5.4 LSO and RSO........................................................................................................................................82
5.5 MsgUpload............................................................................................................................................ 83
5.6 Msg_All..................................................................................................................................................84
5.7 Msg_AllOthr...........................................................................................................................................90
5.8 Msg_Audit..............................................................................................................................................90
5.9 Msg_Auth...............................................................................................................................................91
5.10 Msg_Oper..............................................................................................................................................94
5.11 OPER_SignOn...................................................................................................................................... 99
5.12 RMA_All.................................................................................................................................................99
5.13 RMA_Auth........................................................................................................................................... 103
5.14 RMA_Oper...........................................................................................................................................106
20 July 2017 3
Alliance Lite2
Administration Guide Preface
Preface
Purpose of the document
This administration guide describes how to perform Alliance Lite2 administration tasks. These tasks
include user management and reference data management.
Audience
This document is for the following audience:
• Security officers
• Alliance Lite2 administrators
Significant changes
The following table lists all significant changes to the content of the Alliance Lite2 Administration
Guide since the April 2016 edition. This table does not include editorial changes that SWIFT makes
to improve the usability and comprehension of the document.
New section added How to Change the Name of Customer Security Officers on
page 8
System requirements for AutoClient have System Requirements for AutoClient on page 11
been updated.
The section on how to renew personal Token-Based Certificates and Channel Certificates on page 12
token certificates has been updated, in
case of token expiry.
When to use the SWIFTNet Online Log in to SWIFTNet Online Operations Manager on page 32
Operations Manager has been updated.
20 July 2017 4
Alliance Lite2
Administration Guide Preface
20 July 2017 5
Alliance Lite2
Administration Guide Introducing Alliance Lite2
Customer SWIFT
Alliance Lite2
Web interface
Internet or
AutoClient SWIFTNet
MV-SIPN
Alliance
Lite2 Bank
server
Back-office
application
D1370004
20 July 2017 6
Alliance Lite2
Administration Guide Introducing Alliance Lite2
Types of environment
Alliance Lite2 offers two types of environments:
• Live environment: You use this environment to send live business messages and files. This
environment is also called Production environment.
• Test environment: You use this environment to exchange Test and Training messages and
files. Other benefits of this environment are as follows:
- New Alliance Lite2 users can try the Alliance Lite2 service in a safe environment before
using the Live environment. Messages and files that users exchange in the Test environment
have no financial consequences.
- Existing Alliance Lite2 users can exchange test messages and files with a new
correspondent to learn how to send and process messages and files properly.
- Customers can test new Alliance Lite2 releases.
You can view only live messages and files in the Live environment and only test messages and files
in the Test environment. The Test environment is a simulation of the Live environment, and you
cannot send, view, or process a live message or file in the Test environment. Messages or files that
you send from the Test environment are marked as test or pilot so that recipients of these
transactions do not process them as live messages or files.
20 July 2017 7
Alliance Lite2
Administration Guide Introducing Alliance Lite2
The Alliance Lite2 customer security officers are responsible for user management of both the Live
and Test environments.
A customer security officer's functions fall into the following categories, as shown in the following
table.
User setup tasks Define an operator for each Alliance Lite2 user.
Generate reports related to roles, user entitlements, and security audit trails.
Relationship Select the RMA relations or BICs that your organisation wants to transact with.
Management
For more information, see the Alliance Lite2 Administration Guide - RMA.
tasks
20 July 2017 8
Alliance Lite2
Administration Guide Introducing Alliance Lite2
• monitor and confirm the status of message transactions, from creation to final delivery, including
those transactions handled by AutoClient.
• generate reports on message transactions or file transfers.
• access Browse services that are offered on SWIFTNet. This function is only available if your
institution has subscribed to one or more of these Browse services.
An operator may have the permission to create message transactions, but may not have the
permission to approve these message transactions. Another operator may have the permission to
create and approve message transactions, including their own.
Related information
AutoClient User Guide
20 July 2017 9
Alliance Lite2
Administration Guide Introducing Alliance Lite2
Generating the certificate and key pair on the tamper-proof token ensures that the private key is
completely secret. The key is not known to any other party, not even SWIFT. Only a person that has
a valid token and knows the password associated with this token can use Alliance Lite2.
Category Requirement
Operating system The Alliance Lite2 Web interface runs on the following operating systems:
• Windows 7 Professional (32-bit or 64-bit) with Internet Explorer 8.0, 9.0, or 10 (compatibility
mode)
• Windows 8.1 R2 (64-bit) with Internet Explorer 11 (compatibility mode)
20 July 2017 10
Alliance Lite2
Administration Guide Introducing Alliance Lite2
For more information, see the most recent version of the Network Access Control Guide >
Multiple Secure IP Network Access Configurations and Routing.
- Decide which host uses which environment (MV-SIPN or Internet).
- Configure the name resolvers in their workstations according to the environment.
• Central DNS proxy/forwarders
If your institution enforces the use of central Domain Name System (DNS) proxy/forwarders,
then it must support DNS capabilities (Views/ Split Horizon) that based on the source IP resolve
the URL according to your institution's policy specification (that is, use MV-SIPN or Internet).
Category Requirement
20 July 2017 11
Alliance Lite2
Administration Guide Introducing Alliance Lite2
Category Requirement
Connectivity • Standard broadband Internet access with minimum 128 kbps (for example, ADSL, WiFi,
cable, and other forms). Dial-up connectivity is insufficient.
- AutoClient can connect to the Internet through a firewall or HTTP proxy (see Firewall
Settings on page 19).
- AutoClient connects to the Alliance Lite2 server over TLS (V1.2 and above), TCP port
443. SSL V3 (or previous versions) is no longer supported.
- When using the configuration tool to create a channel certificate, TCP port 49171
must be open.
• Connect optionally (by means of a separate subscription) through SWIFT's highly resilient
and reliable multi-vendor secure IP network (MV-SIPN). You can find more information
about SWIFT's Alliance Connect products at www.swift.com > Products & services >
Connectivity.
You can ask SWIFT to disable Internet access for all your users, only allowing access
through SWIFT's Virtual Private Network (VPN).
• You can also use both connection methods. For more information, see the "Infrastructures
connected to both the Internet and MV-SIPN" of the Administration Guide.
Unlike the Alliance Lite2 web interface, AutoClient does not need Internet Explorer or a Java plug-in
and can be run on a PC where Internet Explorer is not used to browse.
Note Even if Java is installed, it will not be used by AutoClient. AutoClient comes with its
own Java Runtime Environment (JRE).
The AutoClient software can be installed and operated on a system running under virtualisation
technologies that properly support USB ports, such as VMWare Workstation. A notable
counterexample is the (free) version of VMWare server, which cannot be used due to lack of proper
support for USB ports. USB ports are not required if you use AutoClient with a channel certificate.
AutoClient can be remotely monitored and operated using technologies that do not create conflicts
with USB ports, such as SSH or the VNC protocol (for example, RealVNC). A notable
counterexample is Windows Remote Desktop (or Windows Terminal Services), which cannot be
used due to conflicts with the SafeNet driver for the USB ports. Citrix is not supported, for the same
reason as that for VMWare server.
Note Remote desktop, Citrix, and VMWare Server can be used with channel certificate.
Important SWIFT cannot test against all virtualisation technologies available on the market. It is
the user's own responsibility to verify the suitability of the virtualisation technology
chosen by the user.
20 July 2017 12
Alliance Lite2
Administration Guide Introducing Alliance Lite2
allow the owner of the token or the application itself to be identified. The token is personal and must
not be shared with another user. It is protected by a password that the owner of the token must
keep private.
Channel certificates
A channel certificate is an encrypted, disk-based profile file that provides a means for SWIFT to
authenticate the identity of an application. Alliance Lite2 supports channel certificates as an
alternative means to physical tokens. The channel certificate only secures the connection from the
Alliance Lite2 machine to the Alliance Lite2 server in SWIFT's central infrastructure. In addition,
SWIFT uses channel certificates to generate non-repudiation evidence of the emission of a
business message from an Alliance Lite2 customer to the Alliance Lite2 server at SWIFT.
Channel certificates can only be used for AutoClient with an MV-SIPN connection that belongs to
the owner of the channel certificate. Channel certificates cannot be used for the Alliance Lite2 Web
interface. In addition, channel certificates are not permitted for human-to-application flow, such as
SWIFT WebAccess services.
20 July 2017 13
Alliance Lite2
Administration Guide Get Started
2 Get Started
Before you begin
Alliance Lite2 is provisioned with two predefined customer security officers: the left customer
security officer (left-cso) and the right customer security officer (right-cso).
These security officers must receive all of the following items from SWIFT before starting the
installation process:
• the Alliance Lite2 installer (to install AutoClient)
The installer for AutoClient is on the mini-USB memory key that you received from SWIFT.
• the box of 10 personal tokens (sent to one of the security officers)
• the initial token password to unlock the tokens (sent by e-mail to the other security officer)
Start-up process
This section explains how to get started with Alliance Lite2.
20 July 2017 14
Alliance Lite2
Administration Guide Get Started
WHO WHAT/WHERE
Customer Configure
Install/configure DNS Install Java
system firewall security
administrator Depends on customer between Alliance Lite2
workstation and the internet all PCs that use personal token
1 DNS setup 2 3
Operators with
Set up RMA authorisations
appropriate
permissions
Alliance Lite2 interface
10
D1370008
WHEN
20 July 2017 15
Alliance Lite2
Administration Guide Get Started
1. DNS Installation For MV-SIPN connectivity only Several options are Your system
and Configuration on available including: administrator
Install and configure DNS
page 17 (1)
server. • install a DNS server
on each workstation
• install a DNS server
on one workstation
and point other
workstations to this
workstation
• deploy a central
DNS server
SWIFT recommends
that you discuss the
DNS flow deployment
with your internal IT
department.
2. Firewall Settings on Configure the firewalls to allow Between the Alliance Your system
page 19 the appropriate IP addresses Lite2 workstations (both administrator
and ports. the Alliance Lite2 Web
interface (browser) and
the AutoClient) and the
Internet or the multi-
vendor secure IP
network (MV-SIPN).
3.Install Java on page This is a one-off set-up On all PCs on which the Your system
21 procedure that you must do personal token is used administrator
before you install the driver for
the personal tokens.
4. Install Driver for This is a one-off procedure that On all PCs on which the Your staff responsible for
Personal Tokens on you must complete to have the personal token is used SWIFT installation
page 22 necessary software to configure
and to read the certificates on
personal tokens.
5. Activate Tokens for This is a one-off procedure that SWIFT Certificate Both customer security
Customer Security both customer security officers Centre on officers
Officers on page 30 must complete to access www.swift.com/
SWIFTNet services. certificates
6.Create a DN on Both customer security officers Alliance Lite2) > Both customer security
page 33 must follow this procedure to Browse Services > officers
create the DNs for each of the SWIFTNet Online
institution's Alliance Lite2 Operations Manager (2)
operators.
20 July 2017 16
Alliance Lite2
Administration Guide Get Started
7. Add an Operator on Add and approve the operators. Alliance Lite2 > User The left or right
page 46 Configuration > customer security officer
Operators (2)
9. Log in to Alliance For more information about the Alliance Lite2 All staff that use Alliance
Lite2 normal daily login procedure, Lite2
see the Alliance Lite2 User
Guide.
10. Set up RMA Relationship Management helps Alliance Lite2 > RMA (2) Operators with the
authorisations with you manage business appropriate permissions
your correspondents relationships with counterparties (see the Administration
(banks or other through authorisations that are Guide - RMA > Operator
institutions). sent as XML messages over the Profiles and
RMA service. Permissions)
(1) This task is applicable only to Windows server versions, not Windows 8.1, or Windows 7. For a Windows Client OS, a third-
party DNS server must be installed. Alternatively, you may use an HTTP proxy to deal with the DNS requests.
(2) Alliance Lite2 menu items appear in bold.
Process
1. Install the DNS on page 18.
2. Configure the DNS Server on page 18.
3. Configure the Network Adaptor to Use Local DNS (Windows) on page 18.
20 July 2017 17
Alliance Lite2
Administration Guide Get Started
CAUTION You must disable DNS caching. This is critical for Alliance Lite2 to work correctly.
Procedure
1. Log in to the computer with administrator privileges.
2. Click Start > Control Panel > Network and Internet > Network and Sharing Center.
3. Click Local Area Connection.
20 July 2017 18
Alliance Lite2
Administration Guide Get Started
Firewall security
For services to function correctly, the firewall must allow outgoing TCP connections to the URLs or
IP addresses listed in the table below. Systems using channel or token-based certificates require
these connections.
For AutoClient, open TCP port 49171 so that the configuration tool can create the channel
certificate.
Note No incoming connections are required. SWIFT recommends that users block all
incoming connections from the internet.
If you are using a local (host-based) firewall on the computer that runs AutoClient, then it must be
configured to accept a local connection between two AutoClient processes on this computer
(localhost port 8000). This TCP connection flow is required for AutoClient to function normally.
To benefit from SWIFT's Distributed Denial of Service (DDoS) mitigation solution available for
Internet-facing services, additional firewall configuration is required. This additional configuration
limits the operational impact to your institution in case SWIFT is subject to a DDoS attack. For
additional information, see Knowledge Base tip 5019964
20 July 2017 19
Alliance Lite2
Administration Guide Get Started
Test environment
If you have a firewall set up on your system, and if you encounter problems accessing Alliance
Lite2 because of this, then configure your firewall to allow the following IP addresses:
For GUI access and AutoClient 149.134.170.12 (TCP port 443) 149.134.63.4 (TCP port 443)
WebAccess
fileacttest.alliancelite2.swift.com
For SWIFT Certificate Centre 149.134.170.6 (TCP port 443) 149.134.63.252 (TCP port 443)
Live environment
For GUI access and AutoClient 149.134.170.9 (TCP port 443) 149.134.63.8 (TCP port 443)
WebAccess
fileact.alliancelite2.swift.com
For SWIFT Certificate Centre 149.134.170.6 (TCP port 443) 149.134.63.252 (TCP port 443)
certificates.swift.com
scc.swiftnet.sipn.swift.com
For more information about firewall settings, see the Network Configuration Tables Guide.
20 July 2017 20
Alliance Lite2
Administration Guide Get Started
Next
Configure Java Settings on page 21
20 July 2017 21
Alliance Lite2
Administration Guide Get Started
Depending on the version of Java that you are using, some of the settings may not be applicable. If
a setting does not exist for your version, then please ignore it.
20 July 2017 22
Alliance Lite2
Administration Guide Get Started
• To check this, open Windows Explorer, right-click the C: drive and select Properties. A System
(C:) Properties window opens:
• To access the SWIFT Certificate Centre, your system requires a 32-bit version of the Java
Runtime Environment (JRE). For more information about the minimum supported versions, see
Install Java on page 21.
• The Windows Script Host (WSH) must be enabled for the .vbs scripts used by the installer to
execute properly. This setting is enabled by default.
• The Windows Smart Card Service must be started for the proper detection of the certificate by
the SafeNet authentication client. This service is started by default.
You can install the token software on a PC that is running either the 32-bit version or the 64-bit
version of Windows. However, you must use the 32-bit versions of Internet Explorer and the Java
Runtime Environment to access the SWIFT Certificate Centre and configure your tokens.
The installation procedure checks that the required versions are installed on your system. For more
information, see Install the Token Software in Interactive Mode on page 25.
Procedure
1. For Windows 8 and above: From the Start window, click the Desktop tile to enter desktop
mode.
2. Navigate to the SWIFT Certificate Centre.
3. On the Getting started page, there is a link that enables you to download the token installation
software.
Click the link.
20 July 2017 23
Alliance Lite2
Administration Guide Get Started
4. Save the software installation file on your PC. The file name is Personal_token_install.zip.
Procedure
1. Navigate to the folder in which you saved the installation software zip file.
Either unzip the archive and navigate to the extracted folder OR
Double-click the zip file. In either case, the following window appears.
2. Double-click the software installation file contained within the zip file.
The Welcome to the SWIFT Token Client Installer window opens and you are ready to start
the installation in Interactive Mode. Refer to Install the software on page 25.
Prerequisites
To install or remove the token software on PCs in silent mode, you must have administrator rights
for all of the PCs involved.
Note SWIFT recommends that you close all other applications running on the PC before
installing the token software.
Procedure
1. Extract the contents of the zip file Personal_token_install.zip, including the Silent
subfolder to a folder of your choice.
2. Start a DOS command window and navigate to that folder. Execute the following command to
start the silent installation:
If you want to customise the installation, then you can do so by setting the options in the file
silent-install.properties. This file provides the explanation of each option available.
20 July 2017 24
Alliance Lite2
Administration Guide Get Started
Prerequisites
To install or remove the token software on a PC in interactive mode, you must have administrator
rights for that PC.
Note SWIFT recommends that you close all other applications running on the PC before
installing the token software.
Procedure
1. After you double-click the software installation file, the Welcome to the SWIFT Token Client
Installer window opens. This window informs you of the actions that are performed during
installation.
Click Next .
The SWIFT Token Client Location window opens.
Important Although it is possible to customise the options, SWIFT recommends that you
accept the proposed installation options.
2. If you want to customise the installation, then you can do so by selecting or clearing the
following options:
• Install SafeNet Authentication Client - the installer checks whether there is already an
appropriate version of the SafeNet Authentication Client installed on the PC and installs it if
needed. The SafeNet software contains the drivers needed for the token to be recognised.
You can clear this box if you want to install the SafeNet software after the token software is
installed.
• Install SWIFT Token Client - this configures the SWIFT environment on the PC and,
therefore, you cannot modify this setting.
20 July 2017 25
Alliance Lite2
Administration Guide Get Started
• Import SWIFT CA certificate - if you select this box, the installer automatically imports the
SWIFT CA certificate on to your PC.
Clear this box if your company policy does not allow you to import certificates. (In this case,
each time that you access the portal you get a warning pop-up message that says you are
using an untrusted certificate. Click OK on the warning, the pop-up closes, and you can
access the portal.)
• Configure Browser settings - if you select this box, then the installer enables TLS version
1.0, TLS 1.1 and TLS 1.2 on your internet browser and disables SSL 2.0 and SSL 3.0 as
these options are considered not secure.
It shows the proposed folder location for the software installation files. If you want to change the
default location, then click Browse... and navigate to the required folder for installation.
However, the SafeNet authentication software is stored in a default folder that cannot be
changed. The location of this software is shown in the field SafeNet Authentication Client
Folder Name.
Click Next .
4. The installer then runs a test to verify that the PC can support the token software installation.
This can take a few moments to complete.
If one or more of the configuration tests fail, then the System Configuration Test Results
window opens.
If all of the configuration tests are successful, then the SWIFT Token Client Installer
confirmation window opens (see the next step).
20 July 2017 26
Alliance Lite2
Administration Guide Get Started
The tests compare the Recommended conditions for installation to the Actual conditions of
the user's PC.
The Result in each case appears as OK, as a Warning or an ERROR.
If there is a Warning/ERROR, then an explanation appears in the lower half of the screen.
In the case of a Warning, the installation can continue. In the case of an ERROR, it cannot.
In the example above, the PC does not have a recommended version of Java installed on it. It
is only a Warning because the installation can complete with a lower version of Java, but there
can be problems when accessing the SWIFT portal.
In this case, there is also a link directly to the Java web site from where you can download the
latest version of Java software.
Click Next .
5. The SWIFT Token Client Installer confirmation window opens.
20 July 2017 27
Alliance Lite2
Administration Guide Get Started
20 July 2017 28
Alliance Lite2
Administration Guide Get Started
Click Finish .
8. The Reboot notice window opens.
Restart your computer to complete the installation. Click Restart now or Restart later .
20 July 2017 29
Alliance Lite2
Administration Guide Get Started
Important For back-up purposes, SWIFT recommends the creation of an additional left security
officer (LSO) and an additional right security officer (RSO). This means that your
institution will have four operators with security officer permissions. This is very useful
when one of the two original customer security officers is unavailable (for example, on
holiday) or forgets his password. Certain actions can only be done if both the left
security officer and the right security officer are present. To create these additional
operators with security officer permissions, see Knowledge Base tip 5017169.
20 July 2017 30
Alliance Lite2
Administration Guide Get Started
Procedure
1. Retrieve the activation code from Secure Channel (see the Secure Channel User Guide).
2. Open Internet Explorer and navigate to http://www.swift.com/certificates.
The SWIFT Certificate Centre window appears.
3. Insert your token into a free USB port of your workstation.
4. Click Login .
The Confirm Certificate window appears.
5. Check that you are using the correct certificate by clicking the link Click here to view
certificate propr....
The correct certificate is issued by SWIFT and has a numeric name.
6. Select the certificate and click OK .
The Token Logon window appears.
7. Type the initial password that was supplied with the token in the Token Password field and
click OK .
You receive your token from one security officer, and the initial password from the other security
officer.
8. You may have to provide the password a second time.
The SWIFT Certificate Centre Login window appears.
9. Type the initial password that was supplied with the token in the Enter your token password
field and click Login .
The Token Activation window appears.
10. Click Next .
11. In the Enter Activation Code window, type the activation code that you obtained through
Secure Channel and click Validate .
If there is a problem with the activation code, then re-enter the code and click Validate again.
Note The activation code is required only once to complete the activation. After
activation is complete, this code cannot be reused.
12. You must now set your own password for the token. Complete the following fields in the
Change password window:
Current Password Enter the initial password that was supplied with the token.
New Password(1) Provide a strong new password. The rules for passwords are as follows:
• Minimum length is four characters (maximum is 20 characters).
• Lowercase (a-z) and uppercase (A-Z) characters are allowed.
Password is case-sensitive.
• Digits 0-9 are allowed.
• All printable ASCII characters are allowed.
• You must use at least two different characters. For example, you cannot
set the password to aaaa or 11111.
• You cannot reuse the previous password. There is a password history
of two years.
20 July 2017 31
Alliance Lite2
Administration Guide Get Started
(1) There is no expiry date set on this password. The system will never ask you to change the password.
Prerequisites
You must be a Alliance Lite2 customer security officer to perform this task.
Procedure
1. Insert the activated token.
2. Log in to Alliance Lite2 with the appropriate URL:
• on the Internet
https://alliancelite2.swift.com
• on MV-SIPN
https://alliancelite2.swiftnet.sipn.swift.com
3. Click Login to Live Service - Alliance Lite2 customers on the right of the page.
The Select a Certificate window appears.
20 July 2017 32
Alliance Lite2
Administration Guide Get Started
Important The SWIFTNet Online Operations Manager can be accessed only through the
Alliance Lite2 login page for the Live environment (see step 2). It is not accessible
through the Test environment.
If you (customer security officer) must create a DN for an operator in the Test
environment, then do the following:
• Go through the Alliance Lite2 Live environment to create the DN in SWIFTNet
Online Operations Manager.
• Log in to the Test environment to create the Test and Training operator with the
DN.
You follow the procedure of creating an operator in the Test environment in the
same way as you do to create an operator in the Live environment, see the
Administration Guide.
2.9.2 Create a DN
Procedure
1. Log in to the SWIFTNet Online Operations Manager (O2M). For more information, see Log in to
SWIFTNet Online Operations Manager on page 32.
2. Go to Security > Certificate Management - User and click the User certs tab.
Note In the same way as you click New to create new users, you also have a Recover
option that allows generating new codes and secrets in case they are required for
existing users. You must follow the same procedure as the one for creating new
users (described as follows) when you use the Recover option
20 July 2017 33
Alliance Lite2
Administration Guide Get Started
3. In the tree view, determine where in the hierarchy the new user is to be positioned. This
position in the tree determines the unique distinguished name created for the new user. SWIFT
recommends that you minimise the number of levels used in the tree to facilitate maintenance
of the tree. Put the user under an existing node by clicking that node to select it. The DN has a
size limit of 100 characters.
Example of a DN: cn=john-smith,ou=departmentname,o=bankbebb,o=swift, where:
• the cn= segment has the name of the token holder
• the ou= segment allows you to group multiple users under the same organisation unit in your
tree
• the first o= segment contains your live BIC
CAUTION You must not put multiple cn=xxx in one DN as this does not work. It is possible to
create the node in the SWIFTNet Online Operations Manager, but it is not possible
to use it for Browse. For example, you must NOT use
cn=bruno,cn=john,o=bankbebb,o=swift.
4. Click New .
The New window appears.
Type a name for the new user and select the type Human or Application.
20 July 2017 34
Alliance Lite2
Administration Guide Get Started
20 July 2017 35
Alliance Lite2
Administration Guide Get Started
11. Click OK .
The 4-Eyes-Token window appears. This window displays a 14-digit code. Copy the full name
of the created DN for reference later.
Procedure
1. In Alliance Lite2, the other customer security officer must select the Browse Services menu
and select the SWIFTNet Online Operations Manager.
2. Go to Security > 4-eyes Authorisation.
3. Enter the 14-digit 4-eyes token code (see step 11 on page 36) and click Retrieve .
Once the retrieval is done, the Authorise button is enabled.
4. Click Authorise .
After a few moments, the information for the DN is updated.
5. Enter your token password and click OK .
An Operation Successful window appears. Click OK .
6. Go to Security > Certificate Management - User.
20 July 2017 36
Alliance Lite2
Administration Guide Get Started
Note The status Ready for Certification will be shown and the Certify button does not
need to be used.
7. Double-click the DN that the first security officer has created to display the information for the
DN.
8. Click the + sign to the left of the Activation Secrets field to display the 28-digit activation code.
9. Copy the activation secrets and pass them to the personal token user (operator).
Give also the initial password to the operator. The initial password was sent by SWIFT to the
right customer security officer. It is the same for all tokens. The operator needs this password to
activate the token on the SWIFT Certificate Centre.
10. You can optionally enter a description of the new user and DN in the Description field.
11. Click Log off to quit the SWIFTNet Online Operations Manager.
12. You are still logged in to Alliance Lite2. Select Operators from the User Configuration menu.
13. From the list of operators, select the check box next to the operator that has been created. Click
Approve .
The Approval Status of the operator is now Approved. The Enable Status of the operator is
now Enabled.
Next
Activate the Token on page 30
20 July 2017 37
Alliance Lite2
Administration Guide User Management
3 User Management
3.1 Operators
SWIFTNet security Authorised representative for all the The SWIFT Customer Security
officer communication with SWIFT about Management (CSM) department plays the
SWIFTNet security. role of SWIFTNet security officer for all
Alliance Lite2 customers.
SWIFTNet security officers control the
security of their institution by maintaining
the certificates of their institution and
assigning roles to these certificates.
An institution must have at least two
security officers.
20 July 2017 38
Alliance Lite2
Administration Guide User Management
Alliance security Configures and manages the security SWIFT controls the left security officer
officer functions within Alliance Access or Alliance (LSO) and the right security officer (RSO)
Entry. role of the Alliance Lite2 infrastructure.
There are two security officers, the left
security officer (LSO) and the right security
officer (RSO). Together they control which
users can sign on to Alliance Access and
what those users are permitted to do.
Alliance Lite2 Used to create, manage and approve This role is played by staff of each Alliance
customer security operators. Lite2 customer and allows them, for their
officer own institution, to maintain operators on
This role combines the roles of SWIFTNet
Alliance Lite2 and to control security on
security officer and Alliance security officer
SWIFTNet.
but the role is restricted for some
operations and is assigned to one
institution only. Each institution has a copy
of this role that restricts operations to the
institution itself.
20 July 2017 39
Alliance Lite2
Administration Guide User Management
Display
Operators
Operators page
Status You can select one of these values to filter on the approval status of the ✓
operator definitions:
• Approved
• Wait RSO Approval
• Wait LSO Approval
• Unapproved
You can also select one of these values to filter on the operator status
values:
• Enabled
• Disabled
• Time Disabled
20 July 2017 40
Alliance Lite2
Administration Guide User Management
Operators page
Last Login This picker enables you to filter operators who have not logged in since a ✓
Date selected date. No result is returned for an operator who has never logged in.
Profiles You can filter on the profiles using one of these two options: ✓
• Matching String: If you select this option, then type an operator
profile name in the corresponding field. The wildcard characters % and _
enable you to search for a group of names.
• Matching Selection: If you select this option, then select one or
several operator profiles in the Available list.
20 July 2017 41
Alliance Lite2
Administration Guide User Management
Display
Details
Field Description
Name The operator's login. This name must be unique and can have up to 150 alphanumeric
characters. The following characters are allowed: @ . _ - : .
The operator's name must be prefixed with <BIC8>_. For example,
BANKBEBB_James.
The <BIC> in the operator's name is the Live BIC.
Status The approval status of the operator definition and operator status
20 July 2017 42
Alliance Lite2
Administration Guide User Management
Field Description
User DN The distinguished name of the operator as created by the left or right customer
security officer on the SWIFT Online Operations Manager.
DN validation is performed on this field as follows:
• Length <= 100
• Number of levels between 2 and 10
• All levels of the form "…=<<value>>", with <value> between 1 and 20
alphanumeric characters (plus "-", "%", " ")
• Last level = "o=swift"
• Next-to-last level = "o=<bic8>" or "o=swift"
• Others in the format "ou=…" or "cn=…"
20 July 2017 43
Alliance Lite2
Administration Guide User Management
Display
Details
Host Address The IP address or host name of the Alliance Web Platform Server-Embedded host
where the operator initiated a session. The address of the browser used to create the
session is logged in Alliance Web Platform Server-Embedded. For more information,
see viewing user session properties in the Web Platform Administration and
Operations Guide.
Expiration For Web services sessions, the time at which the session automatically expires if no
action is taken before
20 July 2017 44
Alliance Lite2
Administration Guide User Management
Functions
20 July 2017 45
Alliance Lite2
Administration Guide User Management
Procedure
1. From the list of operators, click Add .
20 July 2017 46
Alliance Lite2
Administration Guide User Management
You can also add an operator using the characteristics of an existing operator.
Select the check box of an operator and click Add As .
The Operator Details window opens.
The status is Unapproved/Disabled.
2. In the Configuration tab, type a name for the operator in the Name field.
This name must be unique and can have up to 150 alphanumeric characters. The following
characters are allowed: @ . _ - : .
SWIFT recommends that you select something simple, such as the operator's first name.
The name must be prefixed with your <BIC8>_. For example, BANKBEBB_James.
If you are using the AutoClient token, then <BIC8>_AutoClient appears by default in the Name
field. You must not change this value.
3. In the Description field, type the full name of the operator or another description.
4. In the Type drop-down list, select one of the following values:
• Application
• Human
Note SWIFT can configure additional operator profiles for Alliance Lite2 customers as a
payable option. Additional operator profiles can be requested either as part of the
initial set-up services, or ordered as additional configuration change requests. To
request this configuration change, contact SWIFT Support.
8. The only available unit is <BIC8>_Unit that appears in the Units Selected list by default.
Note SWIFT can configure additional units for Alliance Lite2 customers as a payable
option. Additional units can be requested either as part of the initial set-up
services, or ordered as additional configuration change requests. To request this
configuration change, contact SWIFT Support.
9. Click Save then click Approve .
On the Operators page, the Approval Status of the operator that you just added changes to
Wait LSO Approval or Wait RSO Approval.
If you change the profiles, then the operator must be re-approved by both security officers or
operators with the appropriate approval entitlement.
20 July 2017 47
Alliance Lite2
Administration Guide User Management
Next
Effect on passwords when modifying an operator:
• If user passwords are used on your system, then the modified operator can continue to sign on
with an existing password.
• If you are using a Radius one-time passwords:
- If you change the Authentication Type to Radius One-time Password, then the operator
must sign on using the one-time password generated by the hardware token, even if it is the
first sign-on.
- If Radius One-time Password is selected and you select another authentication method,
then the operator must use the associated user password. If the new authentication method
is Password, then the user is prompted to change password.
• If the authentication method is LDAP, then the operator must sign on with an LDAP password.
Procedure
1. From the list of operators, select the check box for one or several operators in the left column.
2. Click Delete .
The Delete Confirmation window opens.
3. Click OK .
A status popup message appears.
Note The action of deleting an operator does not need to be approved.
When the security officers log in to SWIFTNet Online Operations Manager, they
still see the certificates (if any) for that operator as valid for eight days after the
operator is deleted from the Alliance Lite2 user management. The security officer
must not change anything to these certificates. The certificates of the deleted
operator will be automatically removed from the user tree after additional 124 days
and after automatic deletion of all its child nodes.
Procedure
1. From the list of operator sessions, click the row of the operator that you want to approve.
The Operator Details window opens.
2. Click Approve .
A status popup message appears.
20 July 2017 48
Alliance Lite2
Administration Guide User Management
Note The other security officer or operator with the necessary entitlements and permissions
must now sign on and approve the operator or operators. When both security officers
or operators have approved the changes, the status changes to Approved and the
operator is automatically enabled.
Prerequisites
Procedure
1. From the list of operator sessions, click the row of the operator that you want to disable.
The Operator Details window opens.
2. Click Disable .
The Disable Operator window opens.
3. In the Next Sign On Allowed drop-down list, select one of the following options:
• By Enable Command: To disable the operator definition until you enable the definition again
with the Enable button.
• On the Following Date: To disable the operator definition until the date, and time that you
specify.
4. Click OK .
A status popup message appears.
Next
An LSO or an RSO that has been disabled will have the approval status Unapproved and must be
approved. For more information, see Approve an Operator on page 48.
Related information
20 July 2017 49
Alliance Lite2
Administration Guide User Management
Prerequisites
Procedure
1. From the list of operator sessions, click the row of the operator that you want to enable.
The Operator Details window opens.
2. Click Enable .
A status popup message appears.
Prerequisites
Procedure
1. From the list of operators, click the row of the operator which you want to monitor.
The Operator Details window opens.
2. Click the Monitoring tab.
3. You can click Refresh to refresh the list.
4. Click Close .
The Operator Details window closes.
20 July 2017 50
Alliance Lite2
Administration Guide User Management
Any number of operators can be given the same profile, so that the duties which involve Alliance
Lite2 can be shared within your institution. If an operator has a combination of responsibilities, then
more than one profile can be assigned to the operator, provided there is no conflict between the
entitlements and the permissions in one profile and those in another.
Alliance Lite2 is delivered with various default profiles (pre-defined profiles) that security officers
can assign to new operators. Each profile corresponds to a specific user role.
<BIC8>_Msg_AllOthr (2) All permissions for message handling except for the authorisation of own
message
<BIC8>_OPER_SignOn Required to log in to the application (mandatory for all human users,
including SWIFT WebAccess)
20 July 2017 51
Alliance Lite2
Administration Guide User Management
(1) This profile must not be assigned to an operator as it is for internal use only. However, the security officer must assign the
OPER_SignOn profile to the AutoClient operator.
(2) To enable operators with these profiles to send MT messages from Message Management, the security officer must also
assign the BIC_View profile to these operators.
20 July 2017 52
Alliance Lite2
Administration Guide User Management
Display
Details
Functions
Function Description
20 July 2017 53
Alliance Lite2
Administration Guide User Management
Function Description
Submit Filters the list of entities according to the current filtering criteria values
Report Enables you to produce reports of the entities returned by the filtering criteria as well
as the filtering criteria
Change View Changes the layout of the list for the current page
20 July 2017 54
Alliance Lite2
Administration Guide User Management
Display
Details
Field Description
Actions/Available For the entity selected, the actions that can be added to the operator profile
Actions/Selected For the entity selected, the actions selected for the operator profile
20 July 2017 55
Alliance Lite2
Administration Guide User Management
Procedure
1. On the Browse home page, click Browse Services > SWIFTNet Online Operations Manager.
The SWIFTNet Browse Confirmation window appears indicating that you must enter your
password. You will be required to enter your password twice.
Note The Browse option does not appear if you logged on to the Test and Training
environment.
2. Enter your password.
3. Click OK .
The system starts the Authenticating process.
When the authentication completes, the SWIFTNet Online Operations Manager window
appears.
20 July 2017 56
Alliance Lite2
Administration Guide User Management
5. In Alliance Lite2, the customer security officer defines the Distinguished Name (DN) used by
the token. The Browse nodes add cn=%51 or cn=%52 (or cn=tt for Test and Training) in front of
the DN.
For example, if the token is cn=user,o=<bic8>,o=swift, then the browse nodes are as follows:
cn=%51,cn=user,o=<bic8>,o=swift cn=tt,cn=user,o=<bic8>,o=swift
cn=%52,cn=user,o=<bic8>,o=swift
20 July 2017 57
Alliance Lite2
Administration Guide User Management
CAUTION The %51, %52, and tt nodes are automatically created when the corresponding
operator logs in for the first time to Alliance Lite2. The security officers should
never create these nodes.
The %51 and %52 nodes must always be aligned in terms of roles assignments.
6. Double-click a user on the tree view and assign both the %51 and %52 for the live environment
and tt for the test environment the necessary RBAC roles.
The %51 and %52 nodes relate to the high available configuration of the two Alliance Lite2
servers. It is important that you grant the same roles to both %51 and %52. The easiest way of
doing this is to double-click to select both %51 and %52 in the tree view so that they are
displayed on the right side of the screen. You can then use the Group Grant function to assign
the same roles to both %51 and %52 at the same time.
For more information, see the Certificate Administration Guide > Distinguished Name
Equivalence.
7. Expand the roles in the Role Information pane as needed.
8. For each role, select the corresponding checkbox to grant the role (to ungrant a role, clear the
corresponding checkbox).
When you do a modification, a light icon appears above the checkboxes.
This window looks like the following:
Note The meaning of these roles is decided by the third party Browse service provider
(for example, TARGET2). You must follow the guidelines provided by your service
provider to understand and set the right roles.
9. Click Save .
The system prompts you to enter your password.
20 July 2017 58
Alliance Lite2
Administration Guide User Management
Procedure
1. If the left customer security officer assigned the RBAC roles, then the right customer security
officer must approve the RBAC roles. For more information, see Assign and Approve RBAC
Roles for Browse Users on page 55.
2. On the SWIFTNet Online Operations Manager window, click Security > 4-eyes
Authorisations.
3. In the text box as indicated on the screen, type or paste the token that the first customer
security officer received at the end of the procedure for assigning the RBAC roles.
20 July 2017 59
Alliance Lite2
Administration Guide User Management
4. Click Retrieve .
The details of the action to authorise appear in the right pane.
20 July 2017 60
Alliance Lite2
Administration Guide User Management
6. Click OK .
For more information about SWIFTNet Online Operations Manager, see the SWIFTNet
Online Operations Manager User Guide.
20 July 2017 61
Alliance Lite2
Administration Guide Reference Data Management
4.1 Correspondents
4.1.1 Correspondents
In Alliance Lite2, a correspondent can be an institution, a department, or an individual with which
Alliance Lite2 can communicate through SWIFT.
You can display the details of correspondents or groups of related correspondents.
20 July 2017 62
Alliance Lite2
Administration Guide Reference Data Management
Display
Correspondents
Correspondents
Institution The BIC-11 address of the institution. The BIC-8 destination address is ✓
followed by either a specific three-character branch code or by a default
branch code of XXX.
For filtering, the wildcard characters % and _ can also be used.
% Replaces one or more contiguous unknown characters in a string
_ Replaces one unknown character in a string
20 July 2017 63
Alliance Lite2
Administration Guide Reference Data Management
Correspondents
Last Name If the correspondent is an individual, this is the last name of the individual. ✓
Otherwise, it is blank.
For filtering, if the Type drop-down list is empty or set to Individual, then
in the Last Name field, you can enter the last name of the individual who
you are searching for. The wildcard characters % and _ can be used.
First Name If the correspondent is an individual, this is the first name of the individual. ✓
Otherwise, it is blank.
For filtering, if the Type drop-down list is empty or set to Individual, then
in the First Name field, you can enter the first name of the individual who
you are searching for. The wildcard characters % and _ can be used.
City Name The full name of the city in which the correspondent is located. ✓
For filtering, the wildcard characters % and _ can be used.
Country The two-character ISO standard code for the country in which the ✓
(Code) correspondent is based - the same as characters 5 and 6 of the BIC-11
address in the Institution field.
For filtering, the wildcard characters % and _ can be used.
20 July 2017 64
Alliance Lite2
Administration Guide Reference Data Management
Correspondents
Status The status of the correspondent. This can be Active or Inactive. You ✓
cannot send a message to an inactive correspondent.
For filtering, these are the possible values:
• Active: to search only for correspondents with an Active status.
• Inactive: to search only for correspondents with an Inactive status.
You cannot send a message to an inactive correspondent.
Modified Enter a date using the date picker. Only correspondent records which have ✓
Since been modified since this date are included in the search.
Update on Select this check box to filter on any unpublished BICs that you have ✓
BIC Load defined on your correspondents.
20 July 2017 65
Alliance Lite2
Administration Guide Reference Data Management
Display
Details
Field Description
Status The status of the correspondent. This can be Active or Inactive. You cannot send
a message to an inactive correspondent.
20 July 2017 66
Alliance Lite2
Administration Guide Reference Data Management
Field Description
20 July 2017 67
Alliance Lite2
Administration Guide Reference Data Management
Field Description
Preferred The preferred language that Alliance Lite2 must use when expanding messages sent
Language to the correspondent
These are the possible values:
• English
• Francais
• Deutsch
• Italiano
• Espanol
Update on BIC Select this check box if you want the correspondent record to be updated when an
Load Alliance Bank File is loaded. This means that the record may be changed or even
deleted as a result of the update.
Clear the check box if you do not want the correspondent record to be updated when
an Alliance Bank File is loaded.
This means that if the Alliance Bank File shows that the correspondent must be
modified, the record is not modified. If the Alliance Bank File shows that the
correspondent must be deleted, then the record is not deleted, but SWIFT is removed
from the list of Preferred Networks for the correspondent.
Last Modification This field shows the date on which the correspondent record was last modified.
20 July 2017 68
Alliance Lite2
Administration Guide Reference Data Management
Display
Details
Field Description
Preferred All the defined applications for the correspondent that are also network applications.
Networks
By default, Alliance Lite2 sends any message to the correspondent using the first
network application in the Selected list that can handle the message format, unless
you specify a different network application during message creation or modification.
Your correspondent may prefer you to use the applications in a specific order.
Functions
20 July 2017 69
Alliance Lite2
Administration Guide Reference Data Management
Change View Changes the layout of the list for the current ✓ x
page
4.2 Countries
4.2.1 Countries
You can display the reference data country records. Most of the reference data details are imported
from the Alliance Bank File. Each country record includes a field that defines whether the record
must be updated automatically when an Alliance Bank File is loaded into Alliance.
20 July 2017 70
Alliance Lite2
Administration Guide Reference Data Management
Display
20 July 2017 71
Alliance Lite2
Administration Guide Reference Data Management
Countries
Countries
Functions
Function Description
Submit Filters the list of entities according to the current filtering criteria values
Report Enables you to produce reports of the entities returned by the filtering criteria as well
as the filtering criteria
Change View Changes the layout of the list for the current page
Upload now After prompting you to confirm or modify the configuration details, loads the Bank
Update File.
20 July 2017 72
Alliance Lite2
Administration Guide Reference Data Management
Display
Details
Field Description
Update on BIC Select this check box if you want the country record to be updated when an Alliance
Load Bank File is loaded. This means that the record may be changed or even deleted as a
result of the update.
Clear the check box if you do not want the country record to be updated when an
Alliance Bank File is loaded.
20 July 2017 73
Alliance Lite2
Administration Guide Reference Data Management
4.3 Currencies
4.3.1 Currencies
You can display the reference data currency records. Most of the reference data details are
imported from the Alliance Bank File. Each currency record includes a field that defines whether
the record must be updated automatically when an Alliance Bank File is loaded into Alliance.
Display
20 July 2017 74
Alliance Lite2
Administration Guide Reference Data Management
Currencies
Currencies
Functions
Function Description
Submit Filters the list of entities according to the current filtering criteria values
Report Enables you to produce reports of the entities returned by the filtering criteria as well
as the filtering criteria
Change View Changes the layout of the list for the current page
Upload now After prompting you to confirm or modify the configuration details, loads the Bank
Update File.
20 July 2017 75
Alliance Lite2
Administration Guide Reference Data Management
Display
Details
Field Description
Number of Digits The maximum number of digits needed to correctly display fractional amounts of the
currency. This can be any number between 0 and 6.
Update on BIC Select this check box if you want the currency record to be updated when an Alliance
Load Bank File is loaded. This means that the record may be changed or even deleted as a
result of the update.
Clear the check box if you do not want the currency record to be updated when an
Alliance Bank File is loaded.
20 July 2017 76
Alliance Lite2
Administration Guide Default Operator Profiles
Msg_AllOthr on page 90 (2) All permissions for message handling except for the authorisation of own
message
OPER_SignOn on page 99 Required to log in to the application (mandatory for all human users)
Required for Browse users
20 July 2017 77
Alliance Lite2
Administration Guide Default Operator Profiles
(1) This profile must not be assigned to an operator as it is for internal use only. However, the security officer must assign the
OPER_SignOn profile to the AutoClient operator.
(2) To enable operators with these profiles to send MT messages from Message Management, the security officer must also
assign the BIC_View profile to these operators.
The following table describes the different entities in Alliance Lite2 and the default operator profiles
that have certain permissions for each entity:
20 July 2017 78
Alliance Lite2
Administration Guide Default Operator Profiles
(1) To enable operators with these profiles to send MT messages from Message Management, the security officer must also
assign these operators the BIC_View profile.
(2) An operator with this profile can verify his own message, but cannot authorise his own message.
Related information
Operator Profile Details on page 54
20 July 2017 79
Alliance Lite2
Administration Guide Default Operator Profiles
Description
1 The BIC_View profile can use the Correspondent Info entity as this is the entity that is
selected.
2 Within the Correspondent Info entity, this profile can perform the three actions that are
selected:
• OpenPrint Corr Dets
• OpenPrint Country
• OpenPrint Currency
20 July 2017 80
Alliance Lite2
Administration Guide Default Operator Profiles
Description
1 The Msg_Oper profile can use the Mesg Approval, Mesg Creation, Mesg Modification,
and Message File entities.
2 Within the Mesg Modification entity, this profile can perform the three actions that are
selected:
• Complete Message*
• Dispose Message*
• Modify Message*
3 An asterisk indicates that there are specific permissions linked to an action. In this case,
there are specific permissions for all of the selected actions.
5.2 AutoClient
The AutoClient operator profile can perform certain actions related to the Application Interface
entity:
MT Prohibited
(Allowed/Prohibited)
20 July 2017 81
Alliance Lite2
Administration Guide Default Operator Profiles
CCY+[AMOUNT] Prohibited
(Allowed/Prohibited)
Important This profile must not be assigned to an operator as it is for internal use only. However,
the security officer must assign the OPER_SignOn profile to the AutoClient operator.
5.3 BIC_View
Entities Actions allowed for LSO and Specific permissions LSO Specific permissions RSO
RSO
20 July 2017 82
Alliance Lite2
Administration Guide Default Operator Profiles
Entities Actions allowed for LSO and Specific permissions LSO Specific permissions RSO
RSO
WS Session Timeout 0 0
Create Op List
Disable Operator
Mod Operator
Rem Operator
5.5 MsgUpload
The MsgUpload operator profile can perform certain actions related to the Application Interface
entity:
MT Prohibited
(Allowed/Prohibited)
CCY+[AMOUNT] Prohibited
(Allowed/Prohibited)
20 July 2017 83
Alliance Lite2
Administration Guide Default Operator Profiles
5.6 Msg_All
Introduction
The Msg_All operator profile can perform certain actions related to the following entities:
• Mesg Approval on page 85
• Mesg Creation on page 86
• Mesg Modification on page 87
20 July 2017 84
Alliance Lite2
Administration Guide Default Operator Profiles
Mesg Approval
Advanced Editing Not in use in Alliance Lite2 Not in use in Alliance Lite2
CCY/Amount Prohibited
(Prohibited/Allowed)
20 July 2017 85
Alliance Lite2
Administration Guide Default Operator Profiles
(1) Decides whether a message to be sent to SWIFT requires dual or single approval.
Mesg Creation
Advanced Editing Not in use in Alliance Lite2 Not in use in Alliance Lite2
CCY/Amount Prohibited
(Allowed/Prohibited)
20 July 2017 86
Alliance Lite2
Administration Guide Default Operator Profiles
Mesg Modification
Advanced Editing Not in use in Alliance Lite2 Not in use in Alliance Lite2
20 July 2017 87
Alliance Lite2
Administration Guide Default Operator Profiles
CCY/Amount Prohibited
(Allowed/Prohibited)
20 July 2017 88
Alliance Lite2
Administration Guide Default Operator Profiles
Message File
Export Messages Not in use in Alliance Lite2 Not in use in Alliance Lite2
Reporting
View I/O Reports Not in use in Alliance Lite2 Not in use in Alliance Lite2
View Oper Reports Not in use in Alliance Lite2 Not in use in Alliance Lite2
20 July 2017 89
Alliance Lite2
Administration Guide Default Operator Profiles
SWIFTNet Interface
Open/Print RProf RT
5.7 Msg_AllOthr
The Msg_AllOthr operator profile can perform the same actions as the profile Msg_All on page 84
except for the Mesg Approval entity, where the specific permission for “Auth. own entered mesg” is
set to “No”.
Note To enable operators with the Msg_AllOthr profile to send MT messages from Message
Management, the security officer must also assign these operators the BIC_View
profile (see BIC_View on page 82).
5.8 Msg_Audit
Introduction
The Msg_Audit operator profile can perform only the Search action related to the Message File
entity.
Message File
20 July 2017 90
Alliance Lite2
Administration Guide Default Operator Profiles
5.9 Msg_Auth
Introduction
The Msg_Auth operator profile can perform certain actions related to the following entities:
• Mesg Approval on page 91
• Mesg Modification on page 92
• Message File on page 94
Mesg Approval
CCY/Amount Prohibited
(Allowed/Prohibited)
20 July 2017 91
Alliance Lite2
Administration Guide Default Operator Profiles
(1) Decides whether a message to be sent to SWIFT requires dual or single approval.
Mesg Modification
20 July 2017 92
Alliance Lite2
Administration Guide Default Operator Profiles
CCY/Amount Prohibited
(Allowed/Prohibited)
20 July 2017 93
Alliance Lite2
Administration Guide Default Operator Profiles
Message File
5.10 Msg_Oper
Introduction
The Msg_Oper operator profile can perform certain actions related to the following entities:
• Mesg Approval on page 94
• Mesg Creation on page 95
• Mesg Modification on page 97
• Message File on page 98
• SWIFTNet Interface on page 99
Note To enable operators with the Msg_Oper profile to send MT messages from Message
Management, the security officer must also assign these operators the BIC_View
profile (see BIC_View on page 82).
Mesg Approval
20 July 2017 94
Alliance Lite2
Administration Guide Default Operator Profiles
CCY/Amount Prohibited
(Allowed/Prohibited)
(1) Decides whether a message to be sent to SWIFT requires dual or single approval.
Mesg Creation
20 July 2017 95
Alliance Lite2
Administration Guide Default Operator Profiles
CCY/Amount Prohibited
(Allowed/Prohibited)
20 July 2017 96
Alliance Lite2
Administration Guide Default Operator Profiles
Mesg Modification
20 July 2017 97
Alliance Lite2
Administration Guide Default Operator Profiles
CCY/Amount Prohibited
(Allowed/Prohibited)
Message File
20 July 2017 98
Alliance Lite2
Administration Guide Default Operator Profiles
SWIFTNet Interface
Open/Print RProf RT
5.11 OPER_SignOn
The OPER_SignOn profile can perform the Signon action related to the Access Control and the
Monitoring entities.
Access Control
WS Session Timeout 0
Monitoring
5.12 RMA_All
The RMA_All profile can perform all actions related to the Relationship Mgmt entity.
20 July 2017 99
Alliance Lite2
Administration Guide Default Operator Profiles
Service(s) Prohibited
(Allowed/Prohibited)
Service(s) Prohibited
(Allowed/Prohibited)
Service(s) Prohibited
(Allowed/Prohibited)
Clean up Auth
Service(s) Prohibited
(Allowed/Prohibited)
Service(s) Prohibited
(Allowed/Prohibited)
Service(s) Prohibited
(Allowed/Prohibited)
Service(s) Prohibited
(Allowed/Prohibited)
Export on Change
Service(s) Prohibited
(Allowed/Prohibited)
Modify Signing BIC T&T Own Destination(s) (BIC8) e.g. BBBBCC22 or Allowed
BBBBCC%
(Allowed/Prohibited)
Service(s) Prohibited
(Allowed/Prohibited)
Service(s) Prohibited
(Allowed/Prohibited)
Service(s) Prohibited
(Allowed/Prohibited)
Service(s) Prohibited
(Allowed/Prohibited)
Service(s) Prohibited
(Allowed/Prohibited)
Service(s) Prohibited
(Allowed/Prohibited)
5.13 RMA_Auth
The RMA_Auth profile can perform certain actions related to the Relationship Mgmt entity.
The RMA_Auth profile cannot create or modify authorisations.
Service(s) Prohibited
(Allowed/Prohibited)
Bypass Approval No
(Yes/No)
Service(s) Prohibited
(Allowed/Prohibited)
Service(s) Prohibited
(Allowed/Prohibited)
Clean up Auth
Service(s) Prohibited
(Allowed/Prohibited)
Bypass Approval No
(Yes/No)
Service(s) Prohibited
(Allowed/Prohibited)
Service(s) Prohibited
(Allowed/Prohibited)
Export on Change
Service(s) Prohibited
(Allowed/Prohibited)
Service(s) Prohibited
(Allowed/Prohibited)
Service(s) Prohibited
(Allowed/Prohibited)
Service(s) Prohibited
(Allowed/Prohibited)
Bypass Approval No
(Yes/No)
Service(s) Prohibited
(Allowed/Prohibited)
Bypass Approval No
(Yes/No)
Service(s) Prohibited
(Allowed/Prohibited)
5.14 RMA_Oper
The RMA_Oper profile can perform certain actions related to the Relationship Mgmt entity.
Service(s) Prohibited
(Allowed/Prohibited)
Service(s) Prohibited
(Allowed/Prohibited)
Bypass Approval No
(Yes/No)
Service(s) Prohibited
(Allowed/Prohibited)
Bypass Approval No
(Yes/No)
Service(s) Prohibited
(Allowed/Prohibited)
Service(s) Prohibited
(Allowed/Prohibited)
Service(s) Prohibited
(Allowed/Prohibited)
6 Relationship Management
RMA (Relationship Management Application) enables an institution to control the traffic that it
accepts from other institutions. An RMA relationship is a set of authorisations exchanged between
your BIC and your counterparty's BIC that defines who can send traffic to whom and when. The
use of the Relationship Management Application mechanism is mandatory for the FIN service.
As an administrator, you can add, view, and delete data related to RMA relations.
When you add an RMA relationship in Alliance Lite2, you are sending a special message over the
SWIFT network to your counterparty. This message is called an RMA authorisation. This message
grants your correspondent the permission to send you SWIFT messages. Your counterparty can
also send you an RMA message to grant you permission to send messages. Alliance Lite2 users
can request that you, as an administrator, add a new authorisation to the system.
For more information, see the Alliance Lite2 Administration Guide - RMA.
Legal Notices
Copyright
SWIFT © 2017. All rights reserved.
Restricted Distribution
Do not distribute this publication outside your organisation unless your subscription or order
expressly grants you that right, in which case ensure you comply with any other applicable
conditions.
Disclaimer
The information in this publication may change from time to time. You must always refer to the
latest available version.
Translations
The English version of SWIFT documentation is the only official and binding version.
Trademarks
SWIFT is the trade name of S.W.I.F.T. SCRL. The following are registered trademarks of SWIFT:
the SWIFT logo, SWIFT, SWIFTNet, Accord, Sibos, 3SKey, Innotribe, the Standards Forum logo,
MyStandards, and SWIFT Institute. Other product, service, or company names in this publication
are trade names, trademarks, or registered trademarks of their respective owners.