Role, or the user will not have access to any process. For example, if a User is created and associated to a Group, but the Group is not associated to a Role, the user will not see any items in the left navigation tree panel.
Definitions
Enterprise - An identifier assigned to the primary organization using the software. This identifier provides an umbrella to the security and data in an environment where multiple companies (or organizations) are utilized, such as the ASP (Application Service Provider) environment. An Enterprise can consist of multiple Companies.
Company - An identifier that relates to a specific company, as well as its security and data. It also correlates directly to the company record entered in the ABS (Accounting and Business Solutions) System Administrator > Company screen. One Enterprise can consist of multiple Companies. A user chooses the Company to use at time of login.
User - A security record (or account) that consists of a username, password, last name, first name and e-mail address of a user. Typically, one user account will be established for each employee or user. The maximum length for the username is eight characters. The maximum length of the password is eight characters. Both the username and password can use any combination of letters or numbers, with the exception of special characters (#, ?, %, etc.).
Group - A name that groups or associates one or more users into a classification. For example, a group entitled "CSR" may be a logical grouping of users who function as Customer Service Representatives. Groups consist of a group name and description. The maximum length of the group name is eight characters. The maximum length of the group description is thirty characters.
Role - A name that identifies a specific security role. Security to all screens, folders, reports and processes (any left navigation item) is defined at this level. For example, a role entitled "Security Admin" may be a role whereby security for the Security functions is available, and all other items are unavailable. Roles consist of a role name and description. The maximum length of the role name is eight characters. The maximum length of the role description is thirty characters.
The following access modes are available for every screen, folder, report, and process (called "items" in the definitions below) located in the left navigation panel:
No Access - Access is disabled. User will not have access to this item. The item will not appear in the left navigation tree panel.
Inquire - Access is inquire only. User can search and display information for this item, but will not be able to add, modify, or delete information.
Update - User will have the ability to search, display, and modify information for this item. If a Save button is available on this screen, it will be visible to the user.
Add - User will have the ability to search, display, modify, and add information for this item. If an Add button is available on this screen, it will be visible to the user.
Delete - User will have the ability to search, display, modify, add, and delete information for this item. If a Delete button is available on this screen, it will be visible to the user.
Best/Common Practices
1. Role Setup - When setting up security for the first time, it is best to start with defining Roles first, then progress to Groups, then Users. Roles are best thought of as "functions". Determine what basic functions are needed. Disregard employee titles at this time. As with many businesses, some employees tend to perform multiple duties (or functions), and titles do not often describe each of those functions. Examples of common Roles are:
CSR - A customer service function. Enable security in the CIS, POS, CR, and other applications that are appropriate for someone who performs the duties of a CSR. Even if one of your CSRs performs security administration functions, do not enable Security to this role unless you intend for all of your CSRs to perform this function. Only enable what is necessary and appropriate for all CSRs.
CISAdmin - An administration function for the entire CIS application. Enable security for all of CIS and disable all others.
Payments - A role whereby only access to payment processing items is available. All other items are disabled.
SecAdmin - A role whereby only access to the Security items is available. All other items are disabled.
2. Group Setup - Now that Roles are defined, create the Groups. When starting out, it is common to set up a Group for every Role that is defined. This one-to-one relationship is the simplest to administer, permitting more complex security models to be developed later. Create a Group for every Role. Use the same name as the Role to simplify the process.
3. Group to Role Mapping - Once the Groups are created, use the Groups screen to assign a Role to every Group like the following:
Group          Assigned To Role
CSR         ←  CSR
CISAdmin    ←  CISAdmin
SecAdmin    ←  SecAdmin
Payments    ←  Payments
4. User Setup - Build user accounts using the Users screen.
5. User to Group Mapping - Once the Users are created, use the Groups screen to assign one or more Groups to every user. This is where multi-function users can easily be established. In our example below, all CSRs will be set up, with the exception of SallyX, who is a CSR with the added responsibility for security administration:
User           Assigned To Group
BettyB      ←  CSR
JohnC       ←  CSR
SallyX      ←  CSR
SallyX      ←  SecAdmin
6. Because the Roles in this example were explicitly defined and mapped to similarly named Groups, giving SallyX two roles is straightforward. In addition, if the role (or function) of security administration were to move from SallyX to BettyB, it would simply be a matter of removing the SecAdmin group from SallyX and adding it to BettyB.
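The User, Group and Role chain from steps 1 to 6 can be modelled to check what each user will actually see. This is an added example, not code from the product: the item names, the access mode chosen for each role, and the rule that the most permissive mode wins when a user holds several roles are all assumptions made for illustration.

```python
# Added illustration; item names and per-role access modes are constructed.
from enum import IntEnum

class Access(IntEnum):
    # Each mode includes the abilities of the modes before it, as defined above.
    NO_ACCESS = 0
    INQUIRE = 1
    UPDATE = 2
    ADD = 3
    DELETE = 4

# Role -> {item: access mode}; items not listed are No Access (assumed values).
ROLES = {
    "CSR":      {"CIS": Access.UPDATE, "POS": Access.ADD, "CR": Access.ADD},
    "CISAdmin": {"CIS": Access.DELETE},
    "Payments": {"Payments": Access.ADD},
    "SecAdmin": {"Security": Access.DELETE},
}
# One-to-one Group -> Role mapping from step 3.
GROUP_ROLE = {"CSR": "CSR", "CISAdmin": "CISAdmin",
              "SecAdmin": "SecAdmin", "Payments": "Payments"}
# User -> Groups mapping from step 5.
USER_GROUPS = {"BettyB": {"CSR"}, "JohnC": {"CSR"}, "SallyX": {"CSR", "SecAdmin"}}

def effective_access(user, user_groups=USER_GROUPS, group_role=GROUP_ROLE):
    """Return {item: Access}; assumption: the most permissive mode wins."""
    result = {}
    for group in user_groups.get(user, ()):
        role = group_role.get(group)      # a Group without a Role grants nothing
        for item, mode in ROLES.get(role, {}).items():
            result[item] = max(result.get(item, Access.NO_ACCESS), mode)
    return {i: m for i, m in result.items() if m > Access.NO_ACCESS}

def visible_items(user, **kw):
    """Items shown in the left navigation tree (anything above No Access)."""
    return sorted(effective_access(user, **kw))

def users_with_no_access(user_groups=USER_GROUPS, group_role=GROUP_ROLE):
    """Audit check: users whose Groups resolve to no Role see an empty tree."""
    return sorted(u for u in user_groups
                  if not effective_access(u, user_groups, group_role))

def move_group(group, src, dst, user_groups):
    """Reassign a function (e.g. SecAdmin) by moving one Group between users."""
    updated = {u: set(g) for u, g in user_groups.items()}
    updated[src].discard(group)
    updated[dst].add(group)
    return updated
```

Running `users_with_no_access` after each change to the mappings catches accounts that were placed in a Group that has no Role, which is the case where the user sees nothing in the left navigation tree.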