Purpose: Some security features in the system are set by MICROS, while others require decisions and planning by your system administrator or security officer. You are not required to use every security feature that the system offers. Your company procedures will determine which features you need to implement.
It is recommended that you read this entire chapter before performing any security related activities. Since access to system options relies on the level of security each user is assigned, security implementation requires well thought-out procedures.
In this topic:
• Understanding System Security
• Optional Security Procedures
Security is established in three aspects of the system:
• Application security
• Menu security
• Feature security
Application security: (Defined by MICROS.) MICROS delivers the software with a built-in security code you must enter to operate the software. This code is generated by MICROS and is provided to you at installation time. At installation, the menu driver checks the code you enter against the MICROS code. If a mismatch is found, the menu driver does not allow you to access the software.
Menu Security: Menu security is initially defined by MICROS, until you change authority levels when setting up user records (and user classes, if applicable).
Access to menus depends upon whether the system is delivered in a 'closed' or 'open' environment. In a closed environment, users are not allowed to access a menu option until they are granted authority. In an open environment, all users are allowed access to menu options unless they are specifically prohibited by the authority level in their user or user class record.
You establish authority to menu options through user records and, if applicable, to user classes. Access to companies, secured features, and user defined options is also established at the user and user class level.
Feature Security: You can establish feature security by user and user class, and also by individual feature. A feature is a procedure or action that occurs within a function. For example, the ability to maintain batch totals and override prices in the Order Entry function are examples of secured features.
The system allows you to assign a company-wide authority level to a single secured feature. A feature's authority level (*ALLOW, *EXCLUDE, or *DISPLAY) replaces the need for passwords. If you permit authority to all features in the system, all users can perform the feature unless a user is specifically excluded from a feature on the user record or user class level.
Before you begin: Read this entire chapter. You'll find that some security setup is required, while other features are optional (although you might consider some optional features important to your business). Certain features require prior setup before you can use others. For example, user classes are not required, but if you plan to use them, you must establish user classes before setting up your user records, which is a required component of the system.
What is required? First, you must have access to the system and define yourself as the system administrator in your user record (Y in the System Administrator field). This means that you have access to all menu options, system control values, and secured features on the system, and that you have the authority to create user records and assign authority levels. At a minimum, you must:
• Create your primary company (and other companies if you are working in a multi-company environment)
• Create user records for all personnel who will use the system and assign company authority
• Define the system control values necessary to the running of your company
• Creating user classes
• Assigning menu option, secured feature, and user defined authority to individual users or user classes
• Creating menu options
• Creating and tailoring menus
• Creating additional application areas and application groups
• Setting up calling programs and user defined functions
Purpose: The security components you must set up to use the system are companies, user records, and system control values.
For more information:
• Working with User Records (WUSR)
• System Control File Components.
Companies are single, isolated sets of data: an organization's financial information, inventory, and customers. The majority of files includes COMPANY in the key, so you can establish unique sets of data without having separate libraries, although you can use separate libraries if you wish.
The files that are not company-specific, but rather library-specific include:
• ZIP file. See Customer Service Setting Up the Postal Code File (WZIP).
• Application Area file. See Setting Up Application Areas.
• Application Group file. See Setting Up Application Groups.
• Menu file. See Customizing Menus (WMNU).
• User file. See Working with User Records (WUSR).
If your company is providing fulfillment services for other companies, you can set up a separate company for each client you serve.
When should you create more than one company? You must create another company when you do not want data, (for example sales analysis figures, items, customers) to mix with another company's data. If you only want to separate sales analysis, you can handle that through entities and divisions. See Sales Reporting Hierarchy.
User records allow an individual to sign on and access all or some of the features of the system. A user can be a customer service representative, order entry operator, or warehouse worker. Each user on the system must have a user record.
Among other attributes, the user record contains:
• the user's name
• the user's ID code (the code that identifies the user to the system)
• the user class (optional)
• the default menu (the first menu that appears when the user signs on to the system)
• the default company (the company that a user automatically works after signing on to the system)
• the default authority level (indicating either global access to or exclusion from the system)
In addition, authority to companies, menu options, secured features and user defined functions can be assigned when creating or maintaining user records.
Creating user records:
1. MICROS delivers a default user record called *DEFAULT. You update this default user record, and establish the user class, default menu, default company, and default level of authority. Then, use the Working with User Records (WUSR) menu option to copy the default user record and create a new user record for each employee with the same defaults. Change the defaults as necessary.
2. You can create unique user records for each employee using the Create User Screen.This method allows you to tailor the user record to fit each employee's work requirements.
System Control file: The System Control file is where you define many of the processing characteristics of the system. The options in this file are used to control special system information, such as:
• How the system will calculate pricing in Order Entry
• How SKU information will appear
• How you will perform a physical inventory
• Whether you will use Cart/Bin picking
• How you will assign purchase order numbers
The information defined in the System Control file is confidential and critical to the operation of your system. Access to the System Control file is restricted to users who have system administrator access. This file should not be available to all users.
User classes are logical groupings of users, for example all Order Entry operators. Like the individual user record, a default menu and default company can be assigned so that all users in this user class will sign on to the same menu and work within the same company. Authority to companies, menu options, secured features and user defined functions can also be assigned at the user class level.
See Setting Up User Classes (WUCL).
Why use user classes? If you want all your Order Entry operators to have the same level of authority and access to the system, you might want to create a user class where you define the defaults that will apply to all users in this class. As you create user records, you need only assign the user class that you have created to each Order Entry user record. In this manner, classes can be established and assigned for each group of users in your company.
Note: The authority level assigned to an individual user's record always overrides the authority defined in the user class record.
Creating menu options: MICROS delivers a complete set of menus and menu options, but allows you to create options for commands, programs, and processing functions that you can add to existing menus, or menus that you create through the Customizing Menus (WMNU) menu option.
If you plan on creating menu options, you will need to do this before you can add them to an existing menu.
Creating or customizing menus: The system allows you to create your own menus or customize existing menus, by adding menu options or changing the arrangement of options on a menu. While menus are organized according to application, you might want to create a menu that only contains the options to perform certain specific tasks, such as customer service activities.
Scenario 1: seasonal help: You need to create user records for your company's seasonal help.
You want your Order Entry operators to have access to the Order Entry Menu only (not Accounts Receivable or Fulfillment menus, for example). You also want them to have access to only some of the features on that menu (entering orders, but not maintaining them, and not working with batch totals, for example).
What's the best way to use the system's features to establish security in this case?
One method would be to create a menu with only the specific menu options to which you want to provide user access When you create the user record, specify this menu as the default menu. Do not allow access to the Fast Path feature. This will restrict the user's access to the system to this menu only.
Scenario 2: the prompt feature: You'd like to restrict a user's ability to create a code or value when using F4 to prompt.
On almost all fields in the system's functions, you can press F4 to display a pop-up window that shows you the available codes or values for the field you prompted. This pop-up window allows you to select a code or value and create one, if necessary. However, you may not want all your users to be able to have the ability to create source codes, salespeople, ship vias, or items, for example. You want your users to be able to prompt for this pop-up window in order to select a required value, but not to create it.
You can restrict access to the 'Create' option in the pop-up window, but still allow the window to be prompted, through the 'Work with Users' option. Work with Users allows you to assign an authority level to menu options (*ALLOW, *DISPLAY, *EXCLUDE).
For example, if you want to restrict a user from being able to create a source code while in Order Entry, you can:
1. Select Working with User Records (WUSR)
2. Locate the user record
3. Enter the option for menu option authority (Option 8)
4. Locate Work With Source Codes
5. Assign the *DISPLAY authority level to the Work With Source Codes menu option
This user will still be able to display the pop-up window in Order Entry to list existing source codes from which to choose, but won't be able to create a source code by using F6 to create, neither in the pop-up window nor anywhere else in the system.
Security Component |
Status |
Create a user record establishing yourself as the System Administrator. See Working with User Records (WUSR). |
Required |
Create company if in a single company environment, or more than one if in a multi-company environment. See Setting Up Companies (WCMP). |
Required |
Create user classes, if you plan to group users according to user class. See Setting Up User Classes (WUCL). |
Optional |
Create user records. User records can be automatically created or user-created. See Working with User Records (WUSR). |
Required |
Define system control values. See System Control File Components. |
Required |
Define secured features. See Setting Up Secured Features. |
Required |
Set up calling programs and user defined functions. See Setting Up Calling Programs/User Defined Functions (WCPG). |
Optional |
Define company authority. See Setting Up User Classes (WUCL) and Working with User Records (WUSR). |
Required |
Define menu option authority. See Setting Up User Classes (WUCL) and Working with User Records (WUSR) |
Optional |
Define secured feature authority. See Setting Up User Classes (WUCL) and Working with User Records (WUSR) |
Optional |
Define user-function authority. Working with User Records (WUSR). |
Optional |
Create menu options. Delivered with the system, although you can create others. See Setting Up Menu Options (WOPT). |
Optional |
Create menus. Delivered with the system, although you can create others. Customizing Menus (WMNU). |
Optional |
Create application groups. Setting Up Application Groups. |
Optional |
Create application areas. Delivered with the system, although you can create others. Setting Up Application Areas. |
Optional |
| Establishing Security | Contents | SCVs | Search | Glossary | Reports | Solutions | XML | Index | Setting Up Companies (WCMP) |
IN01_01 CWDirect 18.0.x 2018 OTN