ORE Studio User Manual Introduction Connecting to ORE Studio Initial Setup Provisioning from the Shell Accounts and Roles Tenants Reference Data Currencies

ORE Studio is a desktop application for exploring, configuring, and running quantitative finance calculations. It provides a graphical environment built around the Open Source Risk Engine (ORE), a widely-used open-source library for pricing derivatives and measuring financial risk, which is itself built on QuantLib. ORE Studio handles the data — storing trades, market data, and model configurations, and presenting the results — while ORE and QuantLib provide the mathematics.

This manual is written for several kinds of reader:

• Analysts, traders, quants, and middle-office staff who want to explore financial instruments and risk calculations through a graphical interface. No programming experience is required.
• Students and researchers learning quantitative finance. ORE Studio makes it possible to experiment with derivative pricing, yield curve construction, and risk measures without writing code.
• LLM-based agents and coding assistants that interact with ORE Studio on a user's behalf, help configure workspaces, interpret results, or draft analytical reports. Multimodal models — those capable of processing both text and images — are preferred, as the manual makes extensive use of screenshots to describe the user interface.

The focus throughout is on what you can do through the application itself: entering trades, configuring market data, running analytics, and understanding the results.

ORE Studio is organised around a set of functional areas accessible from the main menu:

• Reference data — currencies, business calendars, counterparties, and market conventions that form the foundation for everything else.
• Instruments and trades — define, store, and manage financial instruments and their terms.
• Market data — yield curves, volatility surfaces, fixing histories, and other inputs to pricing and risk models.
• Model configuration — choose and parameterise pricing engines, simulation models, and sensitivity specifications.
• Analytics — run calculations and view results: net present value, sensitivities (Greeks), credit and funding valuation adjustments (XVA), Monte Carlo simulations, and stress tests.

All data is stored persistently, so trades, curves, and configurations can be saved, revisited, and reused across sessions.

ORE Studio is a learning and exploration environment, not a production trading or risk system. It is independent of and unaffiliated with ORE, QuantLib, or any financial institution. All quantitative mathematics are provided by ORE and QuantLib; ORE Studio is the surface through which they are configured and their results explored. Users who need production-grade performance, real-time market data feeds, or regulatory reporting should look to enterprise risk platforms.

The chapters follow the natural order of first use. After this introduction, Connecting to ORE Studio covers launching the application, establishing a connection to the backend, and orienting yourself in the main window; Initial Setup then covers provisioning the system, tenants, and parties. Later chapters cover each functional area in turn. You do not need to read the manual cover to cover; each chapter can be read independently once the system is up and running.

Early-stage software. ORE Studio is currently in active development (version 0.x). Features, workflows, and this documentation are all evolving and may change between releases. Numbers produced by the system are for learning and exploration only — they must not be used for real trading, risk management, or any financial decision-making.

This manual was generated entirely by large language models (LLMs) working under human supervision. While every effort has been made to ensure accuracy, LLM-generated content can contain errors, omissions, or descriptions that do not match the actual software behaviour. If you find a discrepancy between this manual and the application, trust the application. Please report inaccuracies via the project issue tracker so they can be corrected.

When you launch ORE Studio a splash screen appears briefly while the application initialises, showing the ORE Studio logo and the build version in its lower-right corner.

Once initialisation completes you are greeted by the main window in its disconnected state. The application is running but has not yet established a connection to the backend service that performs calculations. Before you can work with trades, market data, or analytics, you need to connect to a running ORE Studio backend.

This chapter covers:

• What the main window looks like before a connection is established.
• How to open the Connection Manager and configure one or more backends.
• How to log in once a connection is active.
• How to manage your saved connections — adding, editing, deleting, organising by environment and tag.
• How to read the status bar and understand what each zone shows.
• How to launch ORE Studio from the command line with options for telling windows apart, configuration directory, auto-connect, and diagnostics.

In the disconnected state most of the application is inactive. The menu bar and toolbar are present but workspace panels, trade lists, and analytics views are all unavailable until a successful login. Two toolbar buttons are always accessible:

• Connect — opens the login dialog for the currently selected connection.
• Connections — opens the Connection Manager, where you configure the list of backends ORE Studio knows about.

The Connection Manager is the central place where you maintain the list of ORE Studio backends the application can connect to. You might have a local development backend, a shared team backend, and a staging backend — each appears as a separate entry here. The manager lets you add, edit, delete, and organise those entries before you attempt a login.

Open it at any time from the toolbar Connections button or from the File menu.

Once you have at least one connection configured, you can log in.

The status bar always shows whether you are connected. After a deliberate log-out — or once a stopped backend is running again — use the Connect button to re-establish the session: your saved connection is retained, so you only re-enter your password.

The status bar runs along the bottom of the main window and provides a continuous read on the application's connection state. It is always visible regardless of what is open in the workspace.

The status bar is divided into zones from left to right:

• Connection name — the name of the active connection as entered in the Connection Manager (e.g. "Local dev"). Clicking this zone opens the Connection Manager directly.
• Environment badge — the coloured environment label (e.g. Production in red) if one is assigned to the active connection. Absent when no environment is set. This is the most prominent safety indicator: always glance at the environment badge before performing any write operation.
• Username — the account name of the currently logged-in user. Absent in the disconnected state.
• Server — the backend address (host and port) the session is connected to, e.g. localhost:42221.
• Active party — the party context for the session (e.g. Root / System Party), set at login when your account spans multiple parties.
• Connection indicator — a coloured icon at the right showing the live link state (green when connected).

The status bar changes appearance to reflect the connection state:

• Disconnected (no active connection) — grey; shows "Not connected".
• Connecting (handshake in progress) — animated indicator; shows "Connecting to /name/…".
• Connected and logged in — normal; shows all zones as described above.

In the disconnected state the strip is reduced to the environment marker and the connection label, with the broken-link icon on the right:

The connected state is shown at the start of this section. Compare it with the disconnected strip above to recognise at a glance which state the application is in.

ORE Studio can be launched directly from a terminal, which is useful for scripting, for telling several windows apart, or for pointing the application at a non-default configuration directory. Run ores --help to see the full list of accepted options for your installed version; the most commonly used ones are documented below.

ores --help

Knowing exactly which build you are running matters when reporting an issue or checking client/backend compatibility. ORE Studio shows its version in several places.

The title bar of the main window always shows the version next to the application name:

It also appears in the lower-right corner of the splash screen at start-up:

…and in the footer of the login dialog, below the Register link:

From the command line, ores --version prints the client version string (e.g. ORE Studio 0.0.19) and exits — handy in scripts or when filing a bug report.

ores --version

While ORE Studio is running it places an icon in your desktop's system tray (notification area). The icon keeps the application reachable when its window is minimised or hidden, and shows the instance name so you can tell multiple windows apart.

To end your session, choose File → Log Out or click the Disconnect toolbar button. ORE Studio closes the connection to the backend and returns to the disconnected main window. Your saved connection configurations are preserved; you can log back in at any time.

Logging out does not stop the backend service — it only terminates your client session. Other users connected to the same backend are unaffected.

To close the application entirely, quit the window (or choose File → Exit). ORE Studio asks you to confirm so you do not lose an active session by accident:

This chapter walked the full path from a freshly launched application to an authenticated session: the disconnected main window, defining and managing connections in the Connection Manager, connecting and logging in, and reading the status bar's account of the session. It also covered the operational periphery — command-line options, the application version, the system tray, and logging out. The reader can now reach a live backend; the next chapter covers what must happen before a brand-new backend is usable at all: provisioning.

ORE Studio organises data around two concepts that the provisioning wizards exist to create. A tenant is a fully isolated organisational space — its users, reference data, and results are invisible to every other tenant; typically one per organisation. Within a tenant, parties form the organisational hierarchy: the house — your own legal entities, desks, and booking centres — alongside the external counterparties it trades with. Users log in to a specific party, and their position in the hierarchy determines what they can see. The full model — tenant types, the system tenant and system party, hierarchy visibility, and the house versus counterparty distinction — is covered in the Tenants chapter.

A freshly installed ORE Studio backend goes through a fixed sequence before it is ready for normal use. Each step requires a specific login identity:

1. System provisioning — no login is needed; the backend is in provisioning mode and the System Provisioner wizard launches automatically the first time any client connects. This step creates the platform administrator account and provisions the first tenant and its tenant administrator. Until it completes, no normal user logins are accepted.
2. Tenant provisioning — log out of the system administrator session (or simply connect as a new user) and log in as the tenant administrator created in step 1. OreStudio detects that this account has never logged in before and launches the Tenant Provisioner automatically. This step seeds the tenant with reference data and creates the house party hierarchy.
3. Party provisioning — log in to a specific house party using the tenant administrator account, or any operational account that holds party setup permissions for that party. OreStudio detects that the party has not yet been provisioned and launches the Party Setup wizard. Repeat this step for each party in the hierarchy that needs its own counterparties, books, and reports.

Each step has a corresponding wizard in the ORE Studio UI. The following sections walk through each one.

The first time you connect to a backend that has never been initialised, ORE Studio detects provisioning mode and launches the New System Provisioner automatically. This one-time wizard creates the platform administrator account, chooses a single- or multi-tenant layout, and provisions the first tenant together with its own administrator.

The first time you log in as a tenant administrator, ORE Studio launches the New Tenant Provisioner. It seeds the tenant with reference data and, optionally, an initial party hierarchy. You can skip it with Cancel and set everything up by hand later from the Data Librarian and Parties windows.

Where the Tenant Provisioner establishes the party hierarchy, the Party Setup wizard configures the operational structure within a party: it imports counterparties and creates a standard set of risk-report definitions. It runs for a party that needs initial setup, and can be skipped with Cancel (counterparties and reports can be configured later from the application menus).

Some accounts are associated with more than one party — for example a group administrator who can act for several entities. When you log in with such an account, ORE Studio asks which party context to use for the session.

Choose System Party for administrative work, or Operational Party to work within a specific business entity. Filter the list by booking centre, or type in the search box to narrow it.

Select a party and click Select. Your data visibility for the session is determined by the party you choose and its position in the hierarchy.

This chapter covered the one-time journey from an empty backend to an operational deployment. With the tenant and party model sketched in brief — the full treatment lives in the Tenants chapter — the three wizards did the work: the System Provisioner created the platform administrator and first tenant, the Tenant Provisioner seeded reference data and the house, and the Party Provisioner equipped each party with counterparties and report definitions. Provisioning ends where daily use begins: choosing a party at login. The accounts the wizards created, and every account after them, are managed through the windows described in the next chapter.

ores.shell is ORE Studio's interactive command-line client. Like the desktop application it speaks to the backend services over the message bus, so anything it does respects the same validation, audit trail, and permissions. Start it, connect, and type help to see the available commands; every command described here also explains its own arguments through the shell's built-in help.

Provisioning from the shell follows exactly the sequence described in the previous chapter — system, then tenant, then party — including the logouts and logins between the stages, because each login is what refreshes your session's view of the system's state. The difference is that each wizard collapses into a single command whose options carry the same defaults the wizard pre-fills, so the common case needs very few of them.

provision system performs the System Provisioner's work: it checks the installation is in bootstrap mode, creates the platform administrator, logs in as that account, and provisions the first tenant together with its tenant administrator.

provision system super_admin Secure-Password-123 admin@localhost.com --tenant-admin-password Secure-Password-123 --tenant-hostname default
logout
exit

The tenant administrator's password is the only option without a default — everything else mirrors the wizard's single-tenant mode: tenant code default, name Default Tenant, type evaluation, and the tenant administrator named tenant_admin with the e-mail address admin@<code>.com. To provision a custom tenant instead — what the wizard calls multi-tenant mode — override what you need with --tenant-code, --tenant-name, --tenant-type, --tenant-hostname, --tenant-description, --tenant-admin and --tenant-admin-email.

The command validates everything before touching the backend, refuses to run when you are already logged in or the system is not in bootstrap mode, and on success prints the login for the next stage:

./projects/ores.compass/compass.sh shell << 'EOF'
<<shellprov-system>>
EOF

✓ Connected to nats://localhost:42222
⚠ WARNING: System is in BOOTSTRAP MODE
ores-shell> [1/3] Creating initial admin account 'super_admin'...
  Account created (ID: b88d04ec-ac25-4137-981a-ddefb1d92592).
[2/3] Logging in as 'super_admin'...
✓ Login successful!
[3/3] Provisioning tenant 'default'...
✓ System provisioned. Tenant 'Default Tenant' (ID: 93b5d425-...), admin 'tenant_admin'.
Next: logout, then: login tenant_admin@default <password>  — the tenant is in bootstrap mode; run provision tenant.
ores-shell> ✓ Logged out successfully.
ores-shell> Bye!

Note the login principal is the username at the tenant's hostname (tenant_admin@default above), not its display name.

provision tenant performs the Tenant Provisioner's work for the tenant you are logged in to. Log in as the tenant administrator the previous stage created — the tenant is in bootstrap mode, which is exactly what the command requires — and run:

login tenant_admin@default Secure-Password-123
provision tenant --source synthetic --seed 42
logout
exit

./projects/ores.compass/compass.sh shell << 'EOF'
<<shellprov-tenant>>
EOF

ores-shell> ✓ Login successful!
ores-shell> Using bundle 'base' (first available).
[1/4] Publishing bundle 'base'...
  Dispatched 31 dataset(s); workflow instance: 7c059b7f-...
✓ All 31 step(s) completed.
[2/4] Generating synthetic organisation...
✓ Synthetic organisation generated (seed 42):
  parties:             5
  counterparties:      10
  ...
[3/4] Associating 'tenant_admin' with the operational parties...
  5 parties associated.
[4/4] Finalizing tenant provisioning...
✓ Tenant provisioned: bundle 'base', 5 parties associated.
ores-shell> ✓ Logged out successfully.
ores-shell> Bye!

With no options this publishes the first available reference data catalogue and uses the GLEIF registry as the data source, just as the wizard's defaults do. The options mirror the wizard's pages:

• --bundle <code> selects a specific catalogue (bundles list shows what is available).
• --source gleif (the default) optionally takes --root-lei <lei> to build the house hierarchy from a real organisation; find the LEI with lei countries and lei entities <country> --filter <text>.
• --source synthetic generates a realistic artificial organisation instead. All the generation controls from the wizard's synthetic page are available as options with the same defaults (--party-count, --counterparty-count, --portfolio-leaf-count and so on); --seed <n> makes the result reproducible — the same seed always generates the same organisation, names included.

The command publishes the catalogue and waits while the backend works through its datasets, printing each step as it completes; generates the synthetic organisation when selected; associates your administrator account with every operational party; and finally marks the tenant active. As with the wizard, log out and back in afterwards so your session picks up the now-active tenant.

provision party performs the Party Provisioner's work for one party. Unlike the wizard — which runs for the party you selected at login — the command always names its target explicitly, either by its full name or by its identifier; parties list --category Operational shows the candidates:

login tenant_admin@default Secure-Password-123
provision party "Lloyds Wealth Management Ltd" --reports all
logout
exit

./projects/ores.compass/compass.sh shell << 'EOF'
<<shellprov-party>>
EOF

ores-shell> ✓ Login successful!
ores-shell> [1/4] Importing counterparties (dataset small)...
✓ All 1 step(s) completed.
[2/4] Publishing organisation bundle for the party...
✓ All 3 step(s) completed.
[3/4] Creating report definitions...
  Created report definition 'Cashflows'.
  ...
[4/4] Activating party 'Lloyds Wealth Management Ltd'...
✓ Party 'Lloyds Wealth Management Ltd' provisioned and active.
ores-shell> ✓ Logged out successfully.
ores-shell> Bye!

The options mirror the wizard's pages: --dataset-size small|large selects the counterparty import size (small is the default), and --reports takes all (the default — the wizard pre-selects every template), none, or a comma-separated list of template names from reports templates. The command imports the counterparties, publishes the party's organisation data, creates the selected report definitions, and activates the party.

The provision commands are built from smaller commands you can use on their own — to inspect the system, to recover when a step fails, or to assemble a custom flow. Each provision phase prints which of these it is performing, so a failed run tells you where to pick up by hand.

The provision commands call these in sequence; you can call them individually to inspect the system or to recover a failed run from where it stopped.

The shell runs scripts with the load command: one command per line, # starts a comment, and blank lines are ignored. A script stops at the first command that fails — so a run that reaches the end has genuinely succeeded — and reports the failing line and command. When you want a script to press on regardless, for example while exploring, pass --continue-on-error:

load my_script.ores
load my_script.ores --continue-on-error

ORE Studio ships a small library of provisioning scripts in projects/ores.shell/scripts/. Each .ores script in the library is generated from a documentation file alongside it that explains, step by step, what the script does and what it expects of the system — read that file before running a script for the first time. Treat the shipped scripts as templates: copy one and adjust the copy rather than editing the original, which the build regenerates.

The library's acme_system_provision.ores provisions a complete system from a fresh installation: platform administrator, an Acme tenant with a reproducible synthetic organisation, and the house's root party with every standard report. (Its sibling barclays_system_provision.ores does the same from the GLEIF golden copy instead of synthetic data.) It expects a fresh installation in bootstrap mode, all services running, and a connected, logged-out session.

load projects/ores.shell/scripts/library/acme_system_provision.ores
exit

An error-free run ends with a fully provisioned system (the excerpt below elides most of the run — the full output reports every dataset, generation count and report definition as it lands):

./projects/ores.compass/compass.sh shell << 'EOF'
<<shellprov-all>>
EOF

ores-shell> Loading script: projects/ores.shell/scripts/library/acme_system_provision.ores
> provision system super_admin Secure-Password-123 admin@localhost.com ...
✓ System provisioned. Tenant 'Default Tenant' ...
...
> provision party "Lloyds Wealth Management Ltd" --reports all
[4/4] Activating party 'Lloyds Wealth Management Ltd'...
✓ Party 'Lloyds Wealth Management Ltd' provisioned and active.
> logout
✓ Logged out successfully.
Script complete: 9 commands executed.

Two details are worth pausing on. The seed pins the generated organisation, which is why stage 3 can name Lloyds Wealth Management Ltd — change the seed and you must discover the new root party with parties list --category Operational and update the script. And the logouts between stages are not ceremony: they are how the session learns that the tenant has become active and the parties exist, exactly as the wizards instruct.

Log in — from the shell or the desktop application — as tenant_admin@default, select a party, and daily use begins, just as at the end of the previous chapter.

Every person and process that talks to OreStudio does so through an account. The provisioning wizards described in the Initial Setup chapter create the first accounts for you — the platform administrator during system provisioning and the tenant administrator during tenant creation. Those wizards are a one-time bootstrap: every account after that is created and managed in the Accounts window described here.

Accounts come in four types, shown as coloured badges throughout the UI: User for people, Service for OreStudio's own backend services, Algorithm for automated processes, and LLM for large language model agents. What an account is allowed to do is determined by the roles assigned to it; which data it can see is determined by the tenant it belongs to and the parties it is assigned (see Initial Setup for the tenant and party model).

Open the Accounts window from the Administration submenu of the System menu. The Administration menu is only present for accounts that hold administrative permissions.

The window lists every account visible to your login identity, one row per account. Alongside the username and email, badge columns show the account type, the login status (Online, Recent, Old, or Never for accounts that have never logged in), and whether the account is locked. The remaining columns carry the record version and provenance — who last modified the record and when.

The toolbar follows the standard entity-window layout (Reload, Add, Edit, Delete, History) and adds four account-specific actions: Lock and Unlock to suspend and restore login access, Reset Pwd to set a new password, and Sessions to inspect the account's login sessions.

Double-click an account (or select it and press Edit) to open the detail dialog. The dialog has six tabs; the same dialog serves creation, editing, and read-only inspection of historical versions.

• General — username, email, and the account type. The type is chosen at creation time and is read-only afterwards.
• Security — set or change the account password (see the new-account flow below).
• Login Status — read-only login telemetry: whether the account is online, locked, its failed login count, last login time, and last known IP addresses.
• Roles — the roles assigned to this account (next section).
• Parties — the parties this account may log in to.
• Provenance — who changed this record version, when, and why.

Press Add in the Accounts window toolbar to open the same detail dialog in creation mode, titled New Account.

Passwords are set on the Security tab. The confirmation field outlines green once both entries match; tick Show passwords to verify what you typed before saving.

Passwords are entered masked; ticking Show passwords reveals both fields, useful when setting an initial password you are about to hand to the new user:

Next, assign at least one role on the Roles tab — without one the account will hold no permissions (see the note below):

For accounts that should log in to a party context, assign at least one party on the Parties tab; the combo box offers the tenant's party hierarchy:

If you save without assigning a party, OreStudio asks for confirmation — such accounts exist but cannot enter any party context at login:

OreStudio implements industry-standard Role-Based Access Control (RBAC). RBAC separates three concepts that are easy to conflate:

• An account is an identity — it answers "who is this?". It carries credentials (a password for users, certificates for services) and is the thing that logs in, appears in provenance records, and gets locked or unlocked. An account grants nothing by itself.
• A permission is the atomic unit of capability — it answers "what single thing may be done?". Permissions are fine-grained strings following a domain::resource:action pattern: refdata::currencies:read allows reading currency records, iam::tenants:create allows creating tenants. A trailing wildcard covers a whole domain — analytics::* grants every analytics permission — and the bare wildcard * grants everything.
• A role is a named bundle of permissions — it answers "what job does this identity do?". Roles are the only bridge between the two: accounts never hold permissions directly, they hold roles, and every permission an account exercises arrives through one of its roles.

This indirection is what keeps administration tractable: when a new permission is needed by everyone in trading, it is added to the Trading role once rather than to every trader's account, and an account's capabilities can be read at a glance from its role list.

Open the Roles window from the Administration submenu of the System menu to see the bundles:

This chapter covered identity and capability in day-to-day operation. The Accounts window presents every account your login identity may see — the platform administrator sees the system tenant's service machinery, a tenant administrator only their own tenant — and the detail dialog manages an account's credentials, roles, parties, and provenance across its six tabs. Creating an account is the same dialog in create mode, with the party warning (and the silent role gap noted above) to watch for. The RBAC model ties it together: accounts are identities, permissions are atomic capabilities, and roles are the named bundles that bridge them — service roles for OreStudio's own components, domain roles for the desks and functions of a financial institution. The next chapter completes the administration picture with the tenants those accounts live in.

• Initial Setup — the tenant and party model, the provisioning wizards that create the first accounts, and party selection at login.
• Tenants — managing the tenants that accounts belong to.
• Reference Data — the provenance and change-reason conventions shared by all entity windows.
• Role-Based Access Control — the general RBAC model behind OreStudio's roles and permissions.

A tenant is OreStudio's unit of isolation, and the party hierarchy within each tenant is its organisational structure. This section is the canonical home of that model; the Initial Setup chapter walks through the wizards that create tenants and parties, and this chapter picks up once they exist.

A tenant's isolation extends to everything it contains: its own users, its own reference data (currencies, counterparties, books), and its own analytics results. Data belonging to one tenant is completely invisible to another tenant; there is no cross-tenant data leakage by design.

A typical deployment has one tenant per organisation. If you are running ORE Studio for your own firm, you will create one tenant representing your organisation. A managed-service provider running ORE Studio on behalf of multiple clients might create one tenant per client.

The system tenant is special — it is created automatically during system provisioning and cannot be deleted. It is the home of the platform administrator accounts. There is exactly one system tenant per deployment. All other tenants are created by platform administrators working from the system tenant.

Tenants come in several types with different operational controls; the next section covers the taxonomy.

ORE Studio supports four tenant types, each with different operational controls:

• System — platform administration; one per deployment; platform-managed.
• Production — real customer organisations with live data; strict controls.
• Evaluation — demos, UAT, training, and exploratory testing; relaxed controls.
• Automation — programmatic test infrastructure; not for human use; no controls.

The system tenant is created automatically during system provisioning and cannot be deleted. It is the home of the platform administrator accounts; all other tenants are created by platform administrators working from it.

Production tenants are for live operations. They enforce strict controls including four-eyes authorisation for sensitive operations and KYC-gated counterparty onboarding.

Evaluation tenants provide a realistic but relaxed environment for demonstrations, user acceptance testing, and training. Bulk data import from external sources (such as the GLEIF/LEI registry) is available in evaluation tenants but not in production tenants.

Automation tenants exist for programmatic test infrastructure. They carry no operational controls and are not intended for human use.

Open the Tenants window from the Administration submenu of the System menu.

Each tenant carries:

• Code — the stable identifier (system, barclays_plc).
• Name — the human-readable display name.
• Type — one of the four tenant types described above; system for the root tenant, here evaluation for the business tenant.
• Hostname — the hostname the tenant's users connect through, which is how OreStudio routes a login to its tenant.
• Status — the lifecycle state, shown as a badge: bootstrapping while a newly created tenant awaits its provisioning wizard run, active once it is in service, with suspended and terminated closing out the lifecycle.

The toolbar extends the standard entity-window actions with Onboard — which creates a tenant and walks it through provisioning — and Reset, which returns a tenant to its post-provisioning state.

Double-click a tenant (or select it and press Edit) to open the detail dialog.

The General tab carries the fields described above; the status combo is how an administrator moves a tenant through its lifecycle. The second tab holds the record's provenance:

Tenant records are versioned with full provenance like every other entity — see the Provenance section of the Reference Data chapter. The History toolbar action shows a tenant's full version history.

This chapter completed the administration picture begun with accounts and roles. Tenants are the unit of isolation and parties the organisational hierarchy within them — the house and its counterparties — with visibility following the hierarchy. The four tenant types carry operational postures from the strictly controlled production tenant to the uncontrolled automation tenant, and their lifecycle runs from bootstrapping through active to suspended or terminated — all visible at a glance in the Tenants window's status badges. The detail dialog edits a tenant's identity and status under the same provenance regime as every other entity. With connection, provisioning, and administration covered, the manual turns from the system itself to the data it manages: reference data.

• Initial Setup — the tenant model and the provisioning wizards.
• Accounts and Roles — the accounts that live inside each tenant.

Reference data is the static or slowly-changing master data that all financial activity depends on. It defines the vocabulary of the system — the currencies a trade is denominated in, the counterparty on the other side of a deal, the book it settles into, the country a legal entity is incorporated in. Without it, nothing else can be described precisely.

OreStudio's reference data covers a wide range of entity types:

• Currencies — ISO 4217 codes, display formatting, and rounding rules.
• Countries — ISO 3166 alpha-2 codes and names.
• Trading conventions and calendars — holiday calendars, settlement day rules, date rolling conventions, and tenor definitions that drive date arithmetic in trade processing and valuation.
• Counterparties — the external legal entities your organisation trades with.
• Books — the internal trading books that own positions.
• Business units and portfolios — the organisational structure within a party.
• Party types and statuses — the classification vocabulary for parties.
• Classifications — supplementary taxonomies such as currency market tiers and monetary natures.

Reference data is distinct from the other two main categories of data in the system:

• Market data — prices, FX rates, yield curves, and volatility surfaces that update continuously throughout the trading day. Market data is time-stamped and immutable once recorded; a new observation does not overwrite an old one.
• Trades — specific financial transactions between parties with defined cashflows, valuation models, and lifecycle states. Trades reference the reference data (they need a currency, a counterparty, a book) but they are not reference data themselves.

The key property of reference data is that it changes slowly and deliberately. A currency's rounding convention is not something that shifts intraday — it is corrected through a controlled, audited process. OreStudio enforces this with a comprehensive data quality framework described in this chapter.

Financial calculations are only as reliable as the data they consume. A misspelled currency name is a cosmetic nuisance; an incorrect rounding rule, a wrong counterparty identifier, or a stale market tier classification can silently propagate into risk figures, margin calls, collateral calculations, and regulatory reports. The consequences range from minor reconciliation breaks to significant financial loss or regulatory censure.

OreStudio's reference data layer is designed around the definition of data quality from ISO 8000 and the DAMA Data Management Body of Knowledge (DAMA-DMBOK): data quality is the measure of how well a dataset satisfies the requirements of its intended business use. In financial markets this means data must be not only accurate but also complete, consistent, timely, valid, and unique — the six industry-standard DQ dimensions described below.

This chapter established the foundations that every entity chapter builds on. Reference data is the slowly-changing vocabulary of the system, distinct from streaming market data and transactional trades, and OreStudio governs it with the six industry-standard data quality dimensions. The bitemporal storage model gives every record an immutable version history; provenance records who changed what, when, through which service, and why; and the structured change reason system turns every modification into an auditable event. These mechanisms appear identically in every entity window — the following chapters, starting with currencies, document each entity on top of this shared foundation.

• ISO 8000 — international standard for data quality.
• DAMA-DMBOK — data management body of knowledge, including the DQ-6 framework.
• Temporal database — background on transaction time, valid time, and the bitemporal model.
• Time and Timestamps: Architecture and Conventions — internal architecture document (doc/knowledge/architecture/time-architecture.org).
• BCBS 239 — Basel Committee principles for effective risk data aggregation and reporting.
• GLEIF — the Global Legal Entity Identifier Foundation; publishes the LEI registry and the LEI-to-BIC mapping dataset.

Currencies are the foundational reference data entity. Every trade, cashflow, position, and P&L figure in the system is denominated in a currency; getting the currency record right is a prerequisite for everything else.

The international standard for currency codes is ISO 4217. It defines a three-letter alphabetic code (USD, EUR, GBP), a three-digit numeric code (840, 978, 826), a currency name, and the number of decimal places — for example, USD has 2 minor units, meaning amounts are expressed to the nearest cent.

ISO 4217 is widely adopted and OreStudio uses it as its primary identifier. However, the standard has gaps that matter in practice:

• It does not classify currencies by market tier — the distinction between major G10 currencies and emerging-market currencies is economically important but absent from the standard.
• It does not cover digital assets. Cryptocurrencies such as Bitcoin or Ethereum are increasingly relevant in financial systems but have no ISO 4217 code.
• It says nothing about display formatting — whether a symbol precedes or follows the amount, what the thousands and decimal separators are, or how the fractional unit is labelled.
• It does not specify rounding conventions — whether a calculation result should be rounded up, down, or to the nearest unit.

OreStudio extends the ISO 4217 model with additional fields to cover these gaps: monetary nature, market tier, currency symbol, fraction symbol, a printf-style format string, and configurable rounding rules. The standard fields remain primary; the extensions are supplementary.

Open the Currencies window from the Reference Data menu. It lists all currencies defined in the tenant, with one row per currency.

The toolbar buttons reload the list and adjust the display. The list is paginated; use the page controls at the bottom right to navigate. Double-clicking a row opens the Currency Details dialog.

The Currency Details dialog has four tabs: General, Formatting, Rounding, and Provenance. The three action buttons at the bottom — Delete, Close, and Save — apply to the currency as a whole.

To edit a currency, open it in the Currency Details dialog, make your changes, and click Save. Before the record is written, OreStudio prompts for a change reason.

Select a Reason from the drop-down and add optional Commentary. Click Save to confirm. Every save creates a new version; the previous version is never overwritten.

To view the full change history, open the details dialog and click the history icon in the title bar, or right-click the row and choose History.

Select a version to populate the detail panel. The Changes tab shows which fields changed between the selected version and its predecessor. The Revert button reinstates any historical version as a new version, preserving the full audit chain.

The three tables described in this section act as classification vocabularies for currencies. In a standard deployment their values are fixed at provisioning time and rarely change; OreStudio still versions and audits them the same way as any other reference data. They are managed by the system tenant and are accessible from the Reference Data → Currencies sub-menu.

The ORE Studio interactive shell provides quick currency access without opening the Qt UI:

# List all currencies (paginated)
currencies get

# Add a new currency:
#   <iso_code> <name> <numeric_code> <symbol> <fractions_per_unit>
#   <change_reason_code> <change_commentary>
currencies add XTS "Test Currency" 963 T$ 100 system.test "manual example"

# Delete a currency by ISO code
currencies delete XTS

# Show history for a currency
currencies history USD

The ores.cli command-line tool provides a richer interface for automation. All currency commands live under ores.cli refdata currencies:

# List all currencies as a table
ores.cli refdata currencies list --format table

# List a specific currency as JSON
ores.cli refdata currencies list --format json --key EUR

# Add a new currency
ores.cli refdata currencies add \
  --iso-code XTS --name "Test Currency" \
  --numeric-code 963 --modified-by operator \
  --currency-type fiat

# Delete a currency by ISO code
ores.cli refdata currencies delete --iso-code XTS

# Export all currencies to a file
ores.cli refdata currencies export --output currencies.json

This chapter documented the currency entity end to end. ISO 4217 provides the standard identity — code, numeric code, name, minor units — and OreStudio's extensions cover what the standard leaves out: market tiers, monetary natures for digital assets, display formatting, and rounding conventions. The Qt windows manage the records under the full data quality regime of the previous chapter, the three auxiliary classification tables govern the values a currency may reference, and the shell and CLI expose the same operations for scripted use. Currencies are the template: subsequent entity chapters follow this same shape.

• ISO 4217 Currency Codes — the international standard for currency identification.
• SIX Financial Information — the ISO 4217 maintenance agency.
• MSCI Market Classification — framework for developed, emerging, and frontier market designations.