Platform Access Guide

Download PDF version

Introduction

The FANC Data Exchange Platform (DXP) has been designed for interaction between FANC and its professional partners. Therefore, all actions performed on the DXP are always executed in the context of a company, in DXP referred to as "organisation". As a result, as a professional user of the platform, you always represent an organisation.

Primary Authentication Type:

Management of the professional partner users requiring access to FANC DXP is handled in the CSAM platform. CSAM provides an interface for organisations to manage the roles it wishes to grant to its users to allow access to Belgian governmental applications, FANC DXP being one of them. Users can connect to CSAM by popular strong identification technologies such as e-ID and ItsMe.

If you are unfamiliar with the CSAM platform, you are invited to read the documentation provided on the CSAM website, available in different languages. For a quick overview of how the CSAM user management works, please refer to the steps below.

CSAM USER MANAGEMENT OVERVIEW (Please refer to this link. You can download a "step-by-step" guide from there)

  1. The organisation appoints a Chief Access Manager. If this is the first time the organisation uses CSAM, this step must be performed by the Legal Representative (CEO).
  2. Optionally, the Chief Access Manager appoints 1 or more regular Access Managers, which are restricted by domain.

    Note: By default, the Chief Access Manager is also Access Manager for all domains. If he/she will be the only person managing roles, there is therefore no need to appoint regular Access Managers.
    Important: the FANC DXP application belongs to the domain of Home Affairs. When appointing Access Managers, make sure they are linked to this domain in order for them to be able to manage roles for FANC DXP !
  3. An Access Manager uses the eGov Role Management (RMA) to grant desired users different roles in FANC DXP (see below).

Steps 1 and 2 will, in most cases, only have to be performed occasionally, i.e. at the first time CSAM registration or whenever there is a requirement to change the Chief Access Manager or a regular Access Manager for an organisation.

Step 3 will have to be performed whenever a new user needs access to FANC DXP or if the roles of an existing user must be changed or removed.

Please refer to the HR or accountancy service of your organisation for more information about CSAM. As the CSAM platform is also used for other governmental applications such as social security and tax declarations, they will most likely already be familiar with it. They should be able to tell you who the access managers are inside your organisation.

FANC DXP related roles

FANC DXP consists of different modules. Depending on the requirement of your organisation, you may require access to 1 or more modules. Each module has 1 or more associated roles. Professional users can have more than 1 role if needed, e.g. a role in module A and also a role in module B. As outlined above, role-assignments are managed through the CSAM RMA application by the organisation Access Managers for the domain of Home Affairs. Note that in the RMA interface, the role names are dependent on the selected language. Only the English names are listed here below.

MODULES AND ASSOCIATED ROLES

National Dose Register (NDR)
  • FANC Worker Dose - Data Management - This role can perform data manipulation operations such as data upload
  • FANC Worker Dose - Consult - This role can only perform "read" operations

Physical Inventory (PHI)
  • FANC Physical Inventory - Data Management - This role can perform data manipulation operations such as data upload
  • FANC Physical Inventory - Consult - This role can only perform "read" operations

Euratom Drinking Water Directive (EDWD)
  • FANC Drinking Water Directive - Data Management - This role can perform data manipulation operations such as data upload
  • FANC Drinking Water Directive - Consult - This role can only perform "read" operations

Transport Class 7 (TRAC7)
Currently restricted to FANC users only

 

Note 1: Permissions to functionalities are granted according to the least restrictive role. E.g. a user with a "Consult" role will still be able to manipulate data if he/she also has the "Data Management" role for the same module !
Note 2: When the role assignment is changed for a user currently logged in in FANC DXP, this user will need to log out and log back in to see the changes take effect.
Warning: It is the responsibility of the organisation Access Managers to ensure than only the appropriate users have the adequate role assignments at any given time! FANC will not (and cannot) interfere with the organisations users and roles management through the CSAM platform!

Secondary Authentication Type: local user account (classic username and password)

Prior to the introduction of CSAM authentication, the local user account was the main authentication method for FANC partners on the DXP. This method should now be treated as deprecated, and all organisations should move to the CSAM method as soon as possible.

New users who have never connected to FANC DXP before should use the CSAM authentication method as outlined above. Only in exceptional cases should users, requiring access to FANC DXP, have to create a local account. An example might be a foreign employee without a Belgian national number. Please contact FANC to request a special case access.

Existing users are encouraged to use the CSAM authentication method as soon as possible, and request their Access Manager to assign them the adequate roles. Upon first CSAM login, you will be provided with a wizard which will assist in connecting your existing local account to your CSAM login.

TRANSITION PERIOD FOR EXISTING USER ACCOUNTS

In order to ease the transition from local accounts to CSAM, a transition period will run until 31/12/2019. Existing links between local user accounts and organisations (with their associated roles) will be kept in the DXP database until the end of the transition period. After the end of the transition period, these links will be removed and only CSAM authenticated users will be allowed to perform actions as defined by their roles in RMA.