Guardian offers different types of login to the user, each with differing levels of responsibility and permissions:
- Trader: The Trader login allows the user to access an exchange for trading purposes (when X_TRADER® is already open). Traders registered on the exchange can see all orders and fills from other traders using the same group ID. Proxy traders (with a TTORD Member ID) cannot see the fills and orders of registered (direct) traders, but can see the fills and orders of other TTORD traders using the same Group ID. In Guardian, you must map proxy traders to traders registered on the exchange before they can access a particular TT Gateway.
- Local: The Local login allows the user to configure, start, and stop WAN Routing. You can use any Windows username and password with Administrator rights that has been entered into the WUAS on the TT Gateway machine or a Domain Controller.
- Administrator: There are several forms of TT Administrator logins each with its own permissions and functions.
Administrator logins allow access to the TT Gateway for the purpose of setting up risk parameters, product tables, currency tables, and publishing license files. With customer consent, TT also uses these logins for troubleshooting purposes. At other times clearing firms use TT products (such as Guardian) to set their clients’ risk parameters on a membership or group basis.
To set up risk parameters, product tables, currency tables, or publish license files you must enter the appropriate administrator login.
The following list includes standard administrator accounts:
- TTADM is an Administrator account that cannot submit orders. The format of the TTADM login is TTADMXXXxxx with a confidential password. This login grants permission for maintaining the TT Gateway server: TTADM users can access and interact with licenses, WAN Routing, product tables and risk parameters, delete orders, and view Order Router status and connected clients. You can substitute a particular group ID for XXX to setup product tables and risk parameters for the specified group (regardless of the membership to which the group belongs).
- Member-Level Risk Administrator (MLRA): The format of the MLRA login is MEMBRXXXMGR, where MEMBR is the Member ID of the MLRA, and XXXMGR is typed as is. The MLRA sets risk parameters for all traders who belong to the Member ID MEMBR (the Member ID used in the MLRA login).
- Group Level Risk Administrator (GLRA): The format of the GLRA login is MEMBRGRPMGR, where MEMBR is the Member ID of the GLRA, GRP is the group ID of the GLRA, and MGR is typed as is. The GLRA sets risk parameters for all traders who belong to the membership ID MEMBR and the group ID GRP.
- TTRisk (Member Level): The format of the member level TTRisk login is TTRISKXXXMGR typed as is. The member level TTRisk login has full access to all risk parameters for all memberships on all markets as well as product and currency table setup. The TTRisk login does not have access to network configuration parameters in Guardian.
- TTRisk (Group Level): The format of the group level TTRisk login is TTRISKGRPYYY, where TTRISK is typed as is, GRP is the group ID, and YYY is the trader ID. The group level TTRISK has privileges to edit the risk parameters for all traders who belong to group ID GRP. Additionally, this login has access to product and currency table setup. You cannot configure network parameters in Guardian using the TTRisk login.
- TTNET: The format of the TTNET login is TTNETXXXYYY, where TTNET and XXX are typed as is and YYY is the trader ID. The TTNET login provides access to product and network-related Guardian functions, but not to risk parameters.
Login Authentication Process
When a TT user attempts to log into a TT Gateway, Guardian sends the user’s login information to the Windows domain (or TT Gateway if you do not use a Domain Controller) and to the local machine using the specified username and password. Thus, Guardian effectively makes two login attempts on a Windows system for each one attempt by a user to log in. TT’s security locks any username that fails to successfully log in after three attempts through the TT GUI. For further details on Locked Accounts, refer to Lockouts.
You must ensure that the complete concatenated trader ID (Member, Group, and Trader IDs) for each trader on your system is in either the domain controller or the User Manager on the appropriate TT Gateway. Thus, if you do not use a domain controller, any TT Gateway that the trader accesses must store that trader’s ID.
Universal login offers the user the ability to log in once for all exchanges on which he trades. This function is available only if you run a TT User Setup Server on your trading system. For additional details on TT User Setup, refer to the TT User Setup System Administration Manual.
When a user logs into the system:
- The user provides a Universal Login Username (different from the concatenated Trader ID) and password.
- Guardian sends the Username and password to the TT User Setup Server.
- The TT User Setup Server receives the username and password.
- The TT User Setup Server queries its Microsoft Access
database to identify all TT Gateways and associated trader IDs mapped
to the provided Username.
- If authentication fails, the TT User Setup Server forwards a login reject message to the client application, and the trader will not be able to log in.
- If both the Username and password successfully pass authentication, the TT User Setup Server sends the TT Gateway / trader ID associations back to the client application and the process continues as described below.
- The client application receives the TT Gateway / trader ID maps.
- The client application logs into appropriate TT Gateways using the relevant trader IDs according to the map provided by the login server. This login process is detailed in the previous section called Login Authentication Process.