Security and Access Permissions Hierarchy


The articles in this section deal with all aspects of User Security: how to enforce and control access rights for ITAS Users. This section covers:

  • Authentication - the process of verifying who you are

  • Authorisation - the process of verifying that you have access to something

Users are authenticated through a combination of a Windows account (Active Directory) and an ITAS (CMP) account. When using ITAS via a desktop, identification is provided through logging into the domain hosting ITAS, where the name is passed through and linked to a corresponding ITAS account (for this reason they must be the same account name). When accessing ITAS via the Web Portal, the user will be prompted for their username and password.

Users are authorised to access ITAS at Application and Data levels. 

Active Directory Group

There are two principle groups managed through Active Directory that control the top level access rights for a user:

  • ITAS Administrators 
  • ITAS Users

The AD group names are configurable and can be assigned through Trader Desktop -> System Settings -> Configure Active Directory.
Members of the ITAS Administrators AD group have access to restricted menu options in Trader Desktop - see here for the list.

ITAS Licence

ITAS (CMP) accounts are assigned a licence through AUTH; without an appropriate licence access will be prevented. *

Platform Access

Depending on requirements, users can be granted access to ITAS via a Desktop connection, Web (Access) Portal through a browser connection or both. Access rights are maintained through CMP.

Trading Entity

Users can be assigned access to specific Trading Entities, with an associated privilege level. Trading Entity access rights can be maintained through CMP or User Admin.

Menu Options (Applications)

At Trading Entity level, users can be granted access to ALL menu options (full access or read only), or selected menu options. 


Privileges are primarily function-driven, and therefore are generally associated with specific menu options. 

* For clients operating with a concurrent user licence, individual accounts do not need an ITAS Licence as access is managed dynamically at run-time

Figure 1: hierarchy of precedence for the authentication and authorisation for a user

Contents of Security and Access Permissions

Was this helpful?
Thanks for your feedback