remoteEaze
Security & Compliance

Permissions and Maker-Checker

How access is enforced, what maker-checker means, and which entities require approval.

Last updated

What maker-checker means in remoteEaze

Maker-checker means one user creates or edits a record, and a different authorized user approves it before the change becomes active.

In this system:

  • CAPTURED means work is saved but not submitted.
  • PENDING_AUTH_L3, PENDING_AUTH_L2, and PENDING_AUTH_L1 mean approval is in progress.
  • AUTHORIZED means the record is approved and active.
  • REJECTED means it was sent back for correction.
  • DENIED means it is blocked and closed.

Submission and approval move records through those states based on the required approval levels for the action.

Backend and frontend responsibilities

The backend is the source of truth.

  • It authenticates the user.
  • It validates tenant and license state.
  • It checks permissions on each request.
  • It checks record scope (tenant, branch, or self).
  • It enforces workflow rules, including maker-checker transitions.

The frontend improves usability.

  • It hides modules and tabs the user should not use.
  • It hides or disables actions such as create, approve, reject, and deny.
  • It uses the same shared permission engine for consistency.

Security still depends on backend enforcement. A hidden button is not the security control.

No self-approval

The system blocks users from approving or rejecting their own records.

This rule is enforced in workflow logic and in module services. It is not only a UI rule.

Entities using maker-checker

The current maker-checker entity list is explicit and code-defined:

  • custom_field_definition
  • customer
  • agent
  • account
  • facility
  • product
  • trans_code
  • work_day_year
  • account_condition
  • commission_type
  • fee_definition
  • facility_class
  • activity_rule
  • loan_provision_config
  • loan_product
  • workflow_definition
  • workflow_stage
  • workflow_transition
  • workflow_requirement
  • workflow_action
  • workflow_action_rule
  • eligibility_policy
  • eligibility_rule
  • rate_definition
  • rate_value
  • source_funds_rate
  • source_funds_product_rule
  • loan_product_source_funds_rule
  • loan_pricing_policy
  • loan_pricing_adjustment_rule
  • loan_repayment_policy
  • loan_penalty_policy
  • loan_repricing_rule
  • product_account_condition_policy
  • loan_application
  • group_contribution_instruction
  • loan_guarantee
  • collateral_asset
  • collateral_asset_valuation
  • collateral_pledge
  • loan_variation
  • transaction
  • forward_dated_transaction
  • standing_order
  • third_party_system
  • delivery_hook_config
  • cob_config
  • tenant_notification_config

Not every entity uses maker-checker. Some setup and reference records apply immediately.

Related page

See Data Access Scope for how record-level scope is applied.

Data Lifecycle

How remoteEaze handles record creation, approval, updates, deletion, and retention across key domains.

Data Access Scope

How remoteEaze limits which records a user can view or change.

On this page

What maker-checker means in remoteEazeBackend and frontend responsibilitiesNo self-approvalEntities using maker-checkerRelated page