| Excerpt | ||
|---|---|---|
| ||
Learn to work with Security Management |
...
Security Profiles provide information related to the access of modules and features by users. For example, they determine whether a menu option is available on the left menu and if the 'New' button is available for subscriptions in the Data Entry page or if the accounts receivable report, and create WEB API will be available.
Security profiles are then then assigned to users and and determine the respective modules and features each User will have access to when logging into the Systemsystem.
| Note |
|---|
By default, full access is granted by Security Profiles and it is up to you to restrict access. |
...
| Main Information | |
|---|---|
Name Alternative Code Number of Active Users: A read-only value that provides the number of 'Active' users that use the specific Security Profile. | |
| Inherited Security Profiles | |
Security profiles may inherit configuration of existing security profiles to speed up the setup process. The configuration of inherited security profiles overrides that of newly created profiles. For example, if a security profile for team leaders does not allow access to module configuration, then the security profile for team members (inherited from the team leaders' security profile) will also not allow access to module configuration, even if access was allowed in the definition of the team members' profile. Therefore, inherited security profiles are useful when you wish to add additional restrictions to those of an existing profile. | |
| Menu Access | |
| Main Menu | Allow or deny access to main menu options by selecting them (left hand side checkbox) and click on Allow Access or Deny Access links respectively. |
| Shortcuts Menu | Allow or deny access to main menu options by selecting them (left hand side checkbox) and click on Allow Access or Deny Access links respectively. |
| Module Access | |
Define the features from each module which should be restricted for this security profile Modules can be filtered by application area by using the list filter. ' '. Select a module to load the security settings and select to grant or restrict its access by using 'Allow Access' and 'Deny Access'respectively.
| |
| Common Processes | 'Deny' or 'Allow' access to each module's Common Processes, which include:
|
| Additional Processes | 'Deny' or 'Allow' access to each module's Additional Processes, which include actions available in the Actions Menu of the 'Manage Module' page and Common Processes and actions of all Configuration Modules of the specific entity. |
| Custom Processes | 'Deny' or 'Allow' access to each module's Custom Processes, which include any processes that are not included as standard with the software release but have been explicitly implemented for an organisation. |
| Web API Methods | 'Deny' or 'Allow' access to WEB APIs available for each module. |
| Reports | 'Deny' or 'Allow' access to Reports available for each module. |
| Printouts | 'Deny' or 'Allow' access to Printouts available for each module. |
| Interfaces | 'Deny' or 'Allow' access to Interfaces available for each module, which are not included as standard with the software release (like Custom Processes). Such interfaces are available only if requested by an organisation and can be found under Pentaho Exports or Pentaho Imports of the Utilities module. |
| Dashboards | 'Deny' or 'Allow' access to the Dashboards available for each module. |
...
- Control over records shared between groups based depending on their privacy level: Create For example, create Group Collaboration Profiles and define the Privacy Levels and Privacy Level Groups as conditions of what is shared to share data between London and Manchester group but restrict modification of records created by London users, to Manchester users.
- Control over visibility and modification of records with a specific privacy level: For example, setup Conditional Security Restrictions and restrict visibility and modification of address and telephones, of contact information with high privacy level to all call centre agents . Refer to Applying conditional security conditions.
- Assign new records to particular users or departments according to the privacy level : Setup Conditional Security Restrictions and set visibility and modification restrictions on fields of records based on their privacy level. Refer to Applying conditional security conditionseach record has: For example, setup Automatic Collaboration Rules and assign new activities with high privacy level to the manager. Refer to Applying automatic collaboration rules.
Privacy level and privacy level group fields
...
Automatic Collaboration Rules (ACRs) are used to automatically assign a record to a specific user or unit based on a set of conditions, to further process the record up to its completion. ACRs are applied when creating or modifying a record that meets the ACR conditions.
...
The logging of an Audit Trail can be applied to a block of information or to components of that block. e.g., for the Contact Information Entity, the complete address block or only specific components of the address (e.g Address/District) can be monitored. When an address block is monitored, every time the address is modified, added or deleted, an entry will be added to the Audit Trail. When the district is monitored, an Audit Trail entry will be added when the district of an already defined address is updated.
Refer to Viewing Audit Trail to see how audit trail settings are applied and shown for updated records.
Audit trail fields
The table describes the sections of Audit Trail Data Entry page, and explains how the fields in the page are used.
...
Using Security Management
| Anchor | ||||
|---|---|---|---|---|
|
...
Control who has access to records when shared between different departments, (collaboration of groups), or control visibility and modification of information of those records, by setting a privacy level. Use Actions > Set Privacy Level available from the Actions menu available through Summary and Data Entry Pages.
In case you are setting the privacy level through the Summary page make sure that you first select all the records that you wish to update by checking the checkbox on the left hand side of the record.
...
- By changing contact information or accounts receivable privacy levels, the privacy level of any Contact Information based Entities or Accounts Receivable based Entities records, is affected
- In case privacy level is not defined the record is accessible to all users.
- Privacy level can be automatically set on a record based on Privacy Level Assignment Rules (PLARs).
| Anchor | ||||
|---|---|---|---|---|
|
...
Security Profiles are assigned to users through the Manage Users Data Entry page. Once you create the security profile you can define the security level of a user by adding the profile to his user. 
| Anchor | ||||
|---|---|---|---|---|
|
...
Audit trail helps you identify and changes done to records in your system by providing information on the old and new value as well as the user that made the change. Once audit trailed entities are established, it will be possible to monitor their modifications directly from the entry's Data Entry page.
...
| Panel | ||||
|---|---|---|---|---|
| ||||
Scenario 3 Company ZX would like to monitor every change of address. Solution Configuration Audit Trail Create an 'Active' Audit Trail record with the following settings:
|
| Note | ||
|---|---|---|
| ||
|
...